Finally - PHP has NoIndex on phpinfo output

June 4th, 2008 by Aaron

Web Hosting - ASP, PHP, Perl, Frontpage, SSH

Security Issue?

A big issue with PHP security had been the developers creating a php info page and not removing it from a production site. As you may know, phpinfo() will dump a ton of useful information (for the developer - as well as the cracker) to the screen:

?View Code PHP
1

phpinfo();

I can’t imagine how many versions of that are out on various servers…

Actually, let’s take a look with this google query

More than a million returns (granted they’re not all phpinfo() calls… but it gives you a good idea…)

There is Hope

With the release of 5.2.1 of PHP, phpinfo() now outputs the following meta tag:

?View Code HTML
1

<meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" />

This will slowly but surely stop compliant robots (see: google, yahoo… not crackerMcCrackenstein.com) from archiving these… yes!

Tags: ,

This entry was posted on Wednesday, June 4th, 2008 at 10:13 am and is filed under PHPsecurity. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


« PHP Script Configuration Class with Logic built in | Prototype JS - form elements need names, not just IDs »

Leave a Reply

102 Degrees Blog

Web Programming and Design by Aaron Saray


©2008 102 Degrees LLC - All Rights Reserved Home Services Products Network Blog Open Source Learning Contact