The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Interview about PHPSecInfo; new build available


I decided to not be all self-deprecating as I usually am with things like this, and admit that I’m really happy and proud to say that I was interviewed by Cal Evans for the Zend Developer Zone.

I guess the first question that comes to my mind is “Why did you build this?”
I built it because there was no good way to audit the security settings in your PHP.INI or your PHP environment. The average PHP user I feel is someone who can use an installer to install scripts on their server, get them running and do a little customization or hack up some code but they are not educated developers. These users have no easy way to check how secure their environment is. So I wrote PHPSecInfo to give these uses something easy to run and present the information in a format they are already familiar with.

Read the rest »


Also, I uploaded a new build of PHPSecInfo this morning.  This version fixes the errant Notices we were getting, makes it easier to extract test data for your own nefarious purposes, and fixes a bug with the curl file protocol test on PHP4.  The latter unfortunately just skips the test on PHP4 because I’m not sure how to do the check; suggestions are welcome.



What’s new:
- Added PhpSecInfo::getOutput(), PhpSecInfo::loadAndRun() and PhpSecInfo::getResultsAsArray() methods
- Modified PhpSecInfo::runTests() to fix undefined offsent notices
- Modified PhpSecInfo_Test::setMessageForResult() to fix undefined offset notices
- Modified PhpSecInfo_Test_Curl_File_Support to skip if PHP version is


Posted by WebIndent
on Saturday, November 18, 2006 at 09:39 PM

It’s great! I remember…

Leave a comment

Commenting is not available in this section entry.