Home About Articles Contact Library Projects
Consortium News
Fri, 20 Oct 2006
PHP Security Consortium Launches New Project - PHPSecInfo

Wed, 16 Nov 2005
Daniel Convissor Elected as Principal

Promotional Links
Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information

user_id

Test Description

Checks the user ID of the PHP process to see if it is less than 100.

Security Implications

User IDs under 100 are generally reserved for privileged/system users. If PHP executes as a userid under 100, it may have access to read or manipulate system files.

Recommendations

Change the user and group that PHP executes as. If you're using the Apache module, you'll need to change what user Apache runs as with the User and Group directives. If PHP is executing as a CGI, look at a method of executing CGIs as a non-privileged user like Apache's suEXEC or mod_suPHP.

More Information

« Test information index
Get PhpSecInfo