goba		Sun Aug  8 12:11:36 2004 EDT

  Removed files:
    /phpdoc/en/security	index.xml

  Modified files:
    /phpdoc	manual.xml.in
    /phpdoc/en/security	apache.xml cgi-bin.xml current.xml database.xml
                       	errors.xml filesystem.xml general.xml globals.xml
                       	hiding.xml intro.xml variables.xml
  Log:
  Solved the 'security in security' TOC problem by elevating the
  containers one level up. Yes, I know this breaks all translations
  with a translated security section and I am working on solving
  their problems

http://cvs.php.net/diff.php/phpdoc/manual.xml.in?r1=1.183&r2=1.184&ty=u Index: phpdoc/manual.xml.in diff -u phpdoc/manual.xml.in:1.183 phpdoc/manual.xml.in:1.184 --- phpdoc/manual.xml.in:1.183 Fri Aug 6 18:37:44 2004 +++ phpdoc/manual.xml.in Sun Aug 8 12:11:36 2004 @@ -2,7 +2,7 @@ <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "@srcdir@/dtds/dbxml-4.1.2/docbookx.dtd" [ -<!-- $Revision: 1.183 $ --> +<!-- $Revision: 1.184 $ --> <!-- Add translated specific definitions and snippets --> <!ENTITY % language-defs SYSTEM "@srcdir@/@LANGDIR@/language-defs.ent"> @@ -84,7 +84,17 @@ <part id="security"> <title>&Security;</title> - &security.index; + &security.intro; + &security.general; + &security.cgi-bin; + &security.apache; + &security.filesystem; + &security.database; + &security.errors; + &security.globals; + &security.variables; + &security.hiding; + &security.current; </part> <part id="features"> http://cvs.php.net/diff.php/phpdoc/en/security/apache.xml?r1=1.1&r2=1.2&ty=u Index: phpdoc/en/security/apache.xml diff -u phpdoc/en/security/apache.xml:1.1 phpdoc/en/security/apache.xml:1.2 --- phpdoc/en/security/apache.xml:1.1 Mon Jan 26 08:22:25 2004 +++ phpdoc/en/security/apache.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.1 $ --> +<!-- $Revision: 1.2 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.apache"> + <chapter id="security.apache"> <title>Installed as an Apache module</title> <simpara> When PHP is used as an Apache module it inherits Apache's user 
@@ -43,7 +43,7 @@ apache-only areas, to restrict all web based activity to non-user, or non-system, files. </simpara> - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/cgi-bin.xml?r1=1.3&r2=1.4&ty=u Index: phpdoc/en/security/cgi-bin.xml diff -u phpdoc/en/security/cgi-bin.xml:1.3 phpdoc/en/security/cgi-bin.xml:1.4 --- phpdoc/en/security/cgi-bin.xml:1.3 Tue Jun 1 15:50:45 2004 +++ phpdoc/en/security/cgi-bin.xml Sun Aug 8 12:11:36 2004 @@ -1,10 +1,10 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.3 $ --> +<!-- $Revision: 1.4 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.cgi-bin"> + <chapter id="security.cgi-bin"> <title>Installed as CGI binary</title> - <sect2 id="security.cgi-bin.attacks"> + <sect1 id="security.cgi-bin.attacks"> <title>Possible attacks</title> <simpara> Using PHP as a <acronym>CGI</acronym> binary is an option for @@ -74,9 +74,9 @@ </simpara> </listitem> </itemizedlist> - </sect2> + </sect1> - <sect2 id="security.cgi-bin.default"> + <sect1 id="security.cgi-bin.default"> <title>Case 1: only public files served</title> <simpara> @@ -98,9 +98,9 @@ Redirection can be configured in Apache by using AddHandler and Action directives (see below). </simpara> - </sect2> + </sect1> - <sect2 id="security.cgi-bin.force-redirect"> + <sect1 id="security.cgi-bin.force-redirect"> <title>Case 2: using --enable-force-cgi-redirect</title> <simpara> This compile-time option prevents anyone from calling PHP @@ -128,9 +128,9 @@ one of the other ways of running the CGI version documented here. </simpara> - </sect2> + </sect1> - <sect2 id="security.cgi-bin.doc-root"> + <sect1 id="security.cgi-bin.doc-root"> <title>Case 3: setting doc_root or user_dir</title> <simpara> To include active content, like scripts and executables, in the 
@@ -188,9 +188,9 @@ the document root and user directory access separately. </simpara> - </sect2> + </sect1> - <sect2 id="security.cgi-bin.shell"> + <sect1 id="security.cgi-bin.shell"> <title>Case 4: PHP parser outside of web tree</title> <para> A very secure option is to put the PHP parser binary somewhere @@ -219,9 +219,9 @@ linkend="configure.enable-discard-path">--enable-discard-path</link> configure option. </para> - </sect2> + </sect1> - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/current.xml?r1=1.1&r2=1.2&ty=u Index: phpdoc/en/security/current.xml diff -u phpdoc/en/security/current.xml:1.1 phpdoc/en/security/current.xml:1.2 --- phpdoc/en/security/current.xml:1.1 Mon Jan 26 08:22:25 2004 +++ phpdoc/en/security/current.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.1 $ --> +<!-- $Revision: 1.2 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.current"> + <chapter id="security.current"> <title>Keeping Current</title> <simpara> PHP, like any other large system, is under constant scrutiny and @@ -15,7 +15,7 @@ approach is to update often, and maintain awareness of the latest versions and their changes. </simpara> - </sect1> + </chapter> <!-- Keep this comment at the end of the file http://cvs.php.net/diff.php/phpdoc/en/security/database.xml?r1=1.4&r2=1.5&ty=u Index: phpdoc/en/security/database.xml diff -u phpdoc/en/security/database.xml:1.4 phpdoc/en/security/database.xml:1.5 --- phpdoc/en/security/database.xml:1.4 Sun Apr 11 11:42:00 2004 +++ phpdoc/en/security/database.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.4 $ --> +<!-- $Revision: 1.5 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.database"> + <chapter id="security.database"> <title>Database Security</title> <simpara> 
@@ -30,7 +30,7 @@ deals with your greatest fears. </simpara> - <sect2 id="security.database.design"> + <sect1 id="security.database.design"> <title>Designing Databases</title> <simpara> The first step is always to create the database, unless you want to use @@ -64,9 +64,9 @@ insight when debugging problems with your application or tracing back transactions. </simpara> - </sect2> + </sect1> - <sect2 id="security.database.connection"> + <sect1 id="security.database.connection"> <title>Connecting to Database</title> <simpara> You may want to estabilish the connections over SSL to encrypt @@ -80,9 +80,9 @@ linkend="ref.openssl">OpenSSL functions</link> in communication between PHP and database via SSL. </simpara--> - </sect2> + </sect1> - <sect2 id="security.database.storage"> + <sect1 id="security.database.storage"> <title>Encrypted Storage Model</title> <simpara> SSL/SSH protects data travelling from the client to the server, SSL/SSH @@ -140,9 +140,9 @@ ]]> </programlisting> </example> - </sect2> + </sect1> - <sect2 id="security.database.sql-injection"> + <sect1 id="security.database.sql-injection"> <title>SQL Injection</title> <simpara> Many web developers are unaware of how SQL queries can be tampered with, @@ -347,7 +347,7 @@ </para> </note> - <sect3 id="security.database.avoiding"> + <sect2 id="security.database.avoiding"> <title>Avoiding techniques</title> <simpara> You may plead that the attacker must possess a piece of information 
@@ -444,9 +444,9 @@ application has been circumvented. The log is not useful by itself, but through the information it contains. More detail is generally better than less. </simpara> - </sect3> - </sect2> - </sect1> + </sect2> + </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/errors.xml?r1=1.4&r2=1.5&ty=u Index: phpdoc/en/security/errors.xml diff -u phpdoc/en/security/errors.xml:1.4 phpdoc/en/security/errors.xml:1.5 --- phpdoc/en/security/errors.xml:1.4 Thu Mar 18 10:40:04 2004 +++ phpdoc/en/security/errors.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.4 $ --> +<!-- $Revision: 1.5 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.errors"> + <chapter id="security.errors"> <title>Error Reporting</title> <para> With PHP security, there are two sides to error reporting. One is @@ -117,7 +117,7 @@ </programlisting> </example> </para> - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/filesystem.xml?r1=1.2&r2=1.3&ty=u Index: phpdoc/en/security/filesystem.xml diff -u phpdoc/en/security/filesystem.xml:1.2 phpdoc/en/security/filesystem.xml:1.3 --- phpdoc/en/security/filesystem.xml:1.2 Thu Apr 1 01:31:15 2004 +++ phpdoc/en/security/filesystem.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.2 $ --> +<!-- $Revision: 1.3 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.filesystem"> + <chapter id="security.filesystem"> <title>Filesystem Security</title> <simpara> PHP is subject to the security built into most server systems with 
@@ -133,7 +133,7 @@ reason, it's usually easier to create a policy where you forbid everything except for what you explicitly allow. </para> - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/general.xml?r1=1.2&r2=1.3&ty=u Index: phpdoc/en/security/general.xml diff -u phpdoc/en/security/general.xml:1.2 phpdoc/en/security/general.xml:1.3 --- phpdoc/en/security/general.xml:1.2 Sun Apr 18 09:52:53 2004 +++ phpdoc/en/security/general.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.2 $ --> +<!-- $Revision: 1.3 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.general"> + <chapter id="security.general"> <title>General considerations</title> <simpara> A completely secure system is a virtual impossibility, so an @@ -47,7 +47,7 @@ simply trawl massive IP blocks looking for victims. Try not to become one. </simpara> - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/globals.xml?r1=1.2&r2=1.3&ty=u Index: phpdoc/en/security/globals.xml diff -u phpdoc/en/security/globals.xml:1.2 phpdoc/en/security/globals.xml:1.3 --- phpdoc/en/security/globals.xml:1.2 Sun Apr 11 11:42:00 2004 +++ phpdoc/en/security/globals.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.2 $ --> +<!-- $Revision: 1.3 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.globals"> + <chapter id="security.globals"> <title>Using Register Globals</title> <para> Perhaps the most controversial change in PHP is when the default value 
@@ -136,7 +136,7 @@ ¬e.superglobals; - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/hiding.xml?r1=1.1&r2=1.2&ty=u Index: phpdoc/en/security/hiding.xml diff -u phpdoc/en/security/hiding.xml:1.1 phpdoc/en/security/hiding.xml:1.2 --- phpdoc/en/security/hiding.xml:1.1 Mon Jan 26 08:22:25 2004 +++ phpdoc/en/security/hiding.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.1 $ --> +<!-- $Revision: 1.2 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.hiding"> + <chapter id="security.hiding"> <title>Hiding PHP</title> <para> In general, security by obscurity is one of the weakest forms of security. @@ -52,7 +52,7 @@ the above extensions. While it is a form of security through obscurity, it's a minor preventative measure with few drawbacks. </para> - </sect1> + </chapter> <!-- Keep this comment at the end of the file http://cvs.php.net/diff.php/phpdoc/en/security/intro.xml?r1=1.3&r2=1.4&ty=u Index: phpdoc/en/security/intro.xml diff -u phpdoc/en/security/intro.xml:1.3 phpdoc/en/security/intro.xml:1.4 --- phpdoc/en/security/intro.xml:1.3 Wed Feb 18 11:05:29 2004 +++ phpdoc/en/security/intro.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.3 $ --> +<!-- $Revision: 1.4 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.intro"> + <chapter id="security.intro"> <title>Introduction</title> <simpara> PHP is a powerful language and the interpreter, whether included 
@@ -37,7 +37,7 @@ they can be safely used, and describes different considerations in coding for different levels of security. </simpara> - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables: http://cvs.php.net/diff.php/phpdoc/en/security/variables.xml?r1=1.2&r2=1.3&ty=u Index: phpdoc/en/security/variables.xml diff -u phpdoc/en/security/variables.xml:1.2 phpdoc/en/security/variables.xml:1.3 --- phpdoc/en/security/variables.xml:1.2 Thu Apr 1 01:31:15 2004 +++ phpdoc/en/security/variables.xml Sun Aug 8 12:11:36 2004 @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.2 $ --> +<!-- $Revision: 1.3 $ --> <!-- splitted from ./index.xml, last change in rev 1.66 --> - <sect1 id="security.variables"> + <chapter id="security.variables"> <title>User Submitted Data</title> <para> The greatest weakness in many PHP programs is not inherent in the @@ -75,7 +75,7 @@ initialized (so you can prevent unusual data from being operated upon). </para> - </sect1> + </chapter> <!-- Keep this comment at the end of the file Local variables:
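
Review bot: in the manual.xml.in hunk at @@ -84,7 +84,17, the eleven "&security.*;" references now sit directly inside <part id="security">, so every included file must have <chapter> as its root element. manual.xml.in is shared by all languages (it resolves files through @LANGDIR@), so a translation whose security files still start with <sect1> no longer fits the DocBook content model for <part> and will fail validation. Consider adding a comment above "&security.intro;" stating the required root element, and converting the translated files in step with this change rather than afterwards.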
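
Review bot: the header comment "<!-- splitted from ./index.xml, last change in rev 1.66 -->", kept as unchanged context in the first hunk of every file under en/security, now points at a file that this same commit removes. Suggest rewording it in each file to say that index.xml was removed in this revision, so the history pointer still tells a reader where to look.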
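
Review bot: in database.xml, the context line under <title>Connecting to Database</title> in the @@ -64,9 +64,9 hunk reads "You may want to estabilish the connections over SSL". Since the file is being touched anyway, correct the spelling to "establish" here or in a follow-up commit.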