$Id: README.txt,v 1.11.4.2 2007-08-03 20:29:27 swentel Exp $

IMPORTANT
---------

PHP5 only! (5.2.x recommended) Like Drupal, I also support the gophp5.org initiative.
(http://gophp5.org/). See also the php4 end of life announcement on php.net.

DESCRIPTION
-----------

This module adds an extra security layer to Drupal and recognizes (most)
malicious input. It always logs the impact and can send out mail or redirect 
to a warning page after a certain level of impact was reached if you want to.
User 1 is always ignored (unless someone really thinks otherwise) and anonymous users 
are always monitored.

INSTALLATION
------------

Download the latest PHPIDS package from http://www.phpids.org. Note, this will
only work with the PHP5 version! Unpack the tar/zip and move the IDS directory
package/lib/ to the module directory of phpids. 

CONFIGURATION AND TESTING
-------------------------

After that, enable the module and surf to the settings page on
http://yourdrupal/?q=admin/logs/phpids/settings and change the default
settings to your needs.

Test if PHPIDS starts logging (not as user 1!)

* normal log level
  http://yourdrupal/?q=admin/logs/phpids&test=">XXX
* mail level - if you filled in an email
  http://yourdrupal/?q=admin/logs/phpids&test=">XXX<"><script>
* warning level - redirects the (anonymous) user
  http://yourdrupal/?q=admin/logs/phpids&test=<script>alert('hi')</script>

BUGS, REQUESTS 
--------------

http://drupal.org/project/phpids

TODO / FEATURES
---------------

* currently, $_GET & $_POST are monitored. Do we need to check on other global
  vars or is this enough ?
* pgsql statements
* Settings  - auto block IP/user after huge level (81)
            - user roles - level monitoring
            - input formats
            - more ?