To view your hosting service's PHP settings, go to Admin >> Setup, select the Diagnostics tab, and click the link for PHP Info Screen.
If your hosting service has register_globals = on and allow_url_fopen = on, you can override those options and turn them off by creating a php.ini file and placing it in every directory where PHP scripts are executed, or you may be able to use a .htaccess file. See "When to use .htaccess or php.ini files", provided by BruceM on the user2 list on 25 Feb 2009.
If TNG is installed in a genealogy subdirectory, then that means you need to put the php.ini override in your root directory, the genealogy subdirectory, and the genealogy/admin subdirectory.
You will need to check with your hosting service as to what other parameters you may need to include for compatibility reasons.
register_globals = off
allow_url_fopen = off
It may be possible to use .htaccess to provide the overrides if your host is not running phpSuExec. See "When to use .htaccess or php.ini files", provided by BruceM on the user2 list on 25 Feb 2009.
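The per-directory php.ini placement described above is easy to get partly wrong, so here is an added example (not part of TNG or of the original page) that walks a web root and reports every directory holding PHP scripts whose php.ini is missing or does not turn both directives off. The function names and output format are hypothetical, and the script only inspects the files on disk; the PHP Info Screen remains the place to confirm the values PHP actually uses.

```shell
#!/bin/sh
# Added example (constructed): audit a web root for the per-directory php.ini override.
# Function names are hypothetical; nothing here is part of TNG.

# ini_is_off FILE KEY: succeeds if the last uncommented "KEY = value" in FILE is a PHP "off" value.
ini_is_off() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([A-Za-z0-9]*\).*/\1/p" "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        off|0|false|no|none) return 0 ;;
        *) return 1 ;;   # on, any other value, or directive absent
    esac
}

# audit_php_overrides WEBROOT: prints one line per directory containing *.php files
# ("OK dir", "MISSING dir", or "WEAK dir: keys") and returns 1 if any directory is not OK.
audit_php_overrides() {
    status=0
    dirs=$(find "$1" -type f -name '*.php' -exec dirname {} \; | sort -u)
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        if [ ! -f "$dir/php.ini" ]; then
            echo "MISSING $dir"; status=1; continue
        fi
        bad=""
        for key in register_globals allow_url_fopen; do
            ini_is_off "$dir/php.ini" "$key" || bad="$bad $key"
        done
        if [ -n "$bad" ]; then
            echo "WEAK $dir:$bad"; status=1
        else
            echo "OK $dir"
        fi
    done <<EOF
$dirs
EOF
    return "$status"
}

# Usage: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_php_overrides "$1"
fi
```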
PHP Security Expose
PhpSecInfo Test Information determines whether the expose_php setting is enabled (provided by Henny Savenje on the user2 list on 25 Feb 2009).
The following provide additional security measures:
Controlling Site Access
- Permissions Explained
- Database User
- Move your configuration files
- Protecting images and files from external access
- Move your backup files
- Move your GEDCOM files
- Overlaid Subroot: how to recover from subroot.php overlay
- Prevent Directory Listing
- Protecting access log