

Security

PHP can be used to build complete server applications, with all the power of a shell user: access files, execute commands, open network connections, etc.
Or it can be used for simple server-side includes with little risk in a tightly controlled environment.

How secure it is depends largely on the PHP developer.

PHP is designed specifically to be a more secure language for writing CGI programs than Perl or C, provided that compile-time and runtime configuration options are selected correctly and proper coding practices are followed.


PHP Installed as an Apache module

A frequent security mistake made at this point is to give Apache root permissions, or to escalate Apache's abilities in some other way.
Escalating the Apache user's permissions to root is extremely dangerous and may compromise the entire system.
Instead, by using open_basedir you can control and restrict which directories PHP is allowed to use. You can also set up Apache-only areas, restricting all web-based activity to non-user, non-system files.


Keeping Current

PHP, like any other large system, is under constant scrutiny and improvement. Each new version will often include both major and minor changes to enhance and repair security flaws, configuration mishaps, and other issues that will affect the overall security and stability of your system.

The best approach is to update often, and maintain awareness of the latest versions and their changes.


Database Security

When PHP is used as an Apache module it inherits Apache's user permissions (typically those of the "nobody" user). This has several impacts on security and authorization.
If you are using PHP to access a database, unless that database has built-in access control, you will have to make the database accessible to the "nobody" user. This means a malicious script could access and modify the database, even without a username and password.
It is possible that a web spider could stumble across a database administrator's web page and drop all of your databases. You can protect against this with Apache authorization, or you can design your own access model using LDAP, .htaccess files, etc., and include that code as part of your PHP scripts.

See also PHP and databases.


Safe Mode

The PHP safe mode is an attempt to solve security problems.

When safe_mode is on, PHP disables some functions and adds checks; for example, it checks whether the owner of the current script matches the owner of the file to be operated on by a file function.
See the list of functions restricted or disabled by safe mode.

Security and Safe Mode Configuration Directives (you can set them in the php.ini file or during runtime with the ini_set() function):

safe_mode boolean:
Whether to enable PHP's safe mode.

safe_mode_gid boolean:
By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid.

safe_mode_include_dir string:
UID/GID checks are bypassed when including files from this directory and its subdirectories (the directory must also be in include_path, or the full path must be used when including).

safe_mode_exec_dir string:
If PHP is used in safe mode, system() and the other functions that execute system programs refuse to start programs that are not in this directory.

safe_mode_allowed_env_vars string:
A comma-delimited list of prefixes. In safe mode, the user may only alter environment variables whose names begin with one of these prefixes (by default, only PHP_).

safe_mode_protected_env_vars string:
This directive contains a comma-delimited list of environment variables that the end user will not be able to change using putenv(). These variables are protected even if safe_mode_allowed_env_vars is set to allow changing them.

open_basedir string:
Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

disable_functions string:
This directive allows you to disable certain functions for security reasons. It takes a comma-delimited list of function names. disable_functions is not affected by Safe Mode.
This directive must be set in php.ini; for example, you cannot set it in httpd.conf.
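As an added example (not part of the original page), the following PHP script audits the running configuration against the directives described above: it reports whether open_basedir is unset, which command-execution functions remain callable despite disable_functions, and whether PHP is running as root. The list of functions it flags is an assumption about a typical web deployment, not a value from this page.

```php
<?php
// Added example, not from the original page: audit the running PHP
// configuration for the protections discussed above. Run it from the
// CLI, or temporarily from the web root, and remove it afterwards.

// Assumed list of functions that start system programs; adjust to taste.
$dangerous = ['exec', 'passthru', 'shell_exec', 'system',
              'proc_open', 'popen', 'dl'];

function auditConfig(array $dangerous): array
{
    $findings = [];

    // open_basedir: an empty value means PHP may open any file that the
    // web server user can read, so the restriction from the page is absent.
    $basedir = (string) ini_get('open_basedir');
    if ($basedir === '') {
        $findings[] = 'open_basedir is unset: scripts may open any file '
                    . 'readable by the web server user';
    }

    // disable_functions: report which command-execution functions are
    // still callable. function_exists() is false for a disabled function,
    // so the explicit list comparison is a second, independent check.
    $disabled = array_map('trim',
        explode(',', (string) ini_get('disable_functions')));
    foreach ($dangerous as $fn) {
        if (function_exists($fn) && !in_array($fn, $disabled, true)) {
            $findings[] = "$fn() is callable: consider adding it to "
                        . 'disable_functions';
        }
    }

    // Running as root negates every other control on this page.
    if (function_exists('posix_geteuid') && posix_geteuid() === 0) {
        $findings[] = 'PHP is running as root: run the web server as '
                    . 'an unprivileged user';
    }

    return $findings;
}

$findings = auditConfig($dangerous);
if ($findings === []) {
    echo "No findings.\n";
}
foreach ($findings as $f) {
    echo "- $f\n";
}
```

Run it once with the default configuration and once with `php -d open_basedir=/var/www -d disable_functions=exec,system audit.php` to see the findings shrink as the directives take effect.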