
Re: Securing PHP?



Christian Enqvist wrote:

[...]

I'm just practical. If I buy an OS and then have to recompile
everything to make it secure or up to date it makes me wonder why I
spent the license fee for the software in the first place.


The problem isn't with PHP as provided with the OS.
On the contrary, it is a pretty well secure version, which doesn't require recompiling at every moment just for the sake of being safe.
The real question is to have a good understanding of how Apache's configuration and PHP interact; PHP by itself is just an inactive piece of code: as far as web serving is concerned, it comes into existence thru Apache.



I don't know about you but I wouldn't like to host a couple of hundred customers with the shipping version of PHP.


You were initially speaking about a couple of customers, not a couple of hundred customers.
That said, the default config of Apache on Mac OS may require a combination of:
- PHP's safe mode
- PHP's open base dir

to achieve a total independence for your customers.
Such settings may be server wide or customized thru tuned Apache settings (be it at the whole server level, thru virtual hosts or thru .htaccess files: just your choice), or even a combination of both.


Now, should some of your customers really need access to some PHP functions allowing system calls (which tend to be prohibited by PHP's safe mode), you may even consider multiple Apache master processes; again, this is not a matter of recompilation, just a matter of configuration.


I'm just trying to learn here, and any input or points in the right direction are welcome.

Again,

   <http://www.php.net/manual/en/security.php>

should be a good starting point; after all, those pages have been written by people who should know about PHP... ;-)

HTH,
Axel
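
A per-customer layout of the kind the reply describes, as an added example that is not part of the original message. Hostnames and paths are constructed placeholders, and using `php_admin_value`/`php_admin_flag` (which mod_php does not allow `.htaccess` or `ini_set()` to override) is an assumption about how the settings would be pinned; `safe_mode` exists only in PHP releases before 5.4.

```apache
# Constructed example: hostnames and directory names are placeholders.

# Server-wide default: safe mode on for every site (PHP < 5.4 only).
php_admin_flag safe_mode On

<VirtualHost *:80>
    ServerName customer-a.example.com
    DocumentRoot /Library/WebServer/customers/customer-a/htdocs

    # Confine PHP file access to this customer's own tree.
    # Keep the trailing slash: older PHP versions treat the value as a
    # path prefix, so ".../customer-a" would also match ".../customer-a-old".
    php_admin_value open_basedir "/Library/WebServer/customers/customer-a/"

    # Uploads and sessions must live inside the allowed tree, otherwise
    # PHP falls back to a shared temp directory it can no longer read.
    php_admin_value upload_tmp_dir    "/Library/WebServer/customers/customer-a/tmp"
    php_admin_value session.save_path "/Library/WebServer/customers/customer-a/tmp"
</VirtualHost>

<VirtualHost *:80>
    ServerName customer-b.example.com
    DocumentRoot /Library/WebServer/customers/customer-b/htdocs

    # Same pattern, different root: scripts here cannot open customer-a files.
    php_admin_value open_basedir "/Library/WebServer/customers/customer-b/"
    php_admin_value upload_tmp_dir    "/Library/WebServer/customers/customer-b/tmp"
    php_admin_value session.save_path "/Library/WebServer/customers/customer-b/tmp"
</VirtualHost>
```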
References: 
 >Securing PHP? (From: Christian Enqvist <email@hidden>)
 >Re: Securing PHP? (From: Christian Enqvist <email@hidden>)


