Re: Securing PHP

Hi Nathan,

Thanks for taking the time to reply.

Yes, this is a shared server. Each (UNIX) user's home directory is their 
domain name, i.e. /home/usersdomainnamehere.com, and their http root is www, 
i.e. /home/usersdomainnamehere.com/www

I am running Apache 2 and mod_php. Most servers are running PHP 4.x right 
now, but we will be upgrading to 5 soon.

Also, apache is running suexec for perl (cgi).

When files are written via FTP and CGI they are owned by the user who logged 
in, and in both cases are limited to writing to their home directory.

In the case of PHP, the files are owned by www.

Should I consider phpsuexec? Or will the apache directives you mentioned 
below take care of it?

-Grant

"Nathan Hawks" <nhawks@xxxxxxxxx> wrote in message 
news:1192931064.2526.30.camel@xxxxxxxxxxxxxxxxx
> Are you running a multi-user hosting service?
>
> If so you can create include files on a per-user or per-domain basis.
> Use the Apache config directive php_value to set your include_path and
> open_basedir appropriately for each account; and other options as
> desired.
>
> I don't know of a particular site, but that is the config framework that
> Plesk uses.
>
> As for building PHP, make sure you run the testing battery ('make test'
> after you 'make' and before you 'make install') in order to see how
> 'hardened' your build is.
>
>
>
> On Sat, 2007-10-20 at 21:00 -0400, Grant wrote:
>> Hi all,
>>
>> You've all likely heard this before: "I was hacked...", "Had register
>> globals on...", etc.
>>
>> Well, this is true of me as well.
>>
>> Does anyone know of a site that would help a semi professional lock down
>> php, i.e.
>>
>> Perhaps how to install phpsuexec,
>>
>> Jail users to only have the ability to read/write to their own files and
>> directories,
>>
>> php.ini directives that have a similar effect as mentioned above.
>>
>> Any help appreciated.
>>
>> -Grant
>> 
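Editor's addendum, not part of the thread: Nathan's per-account suggestion carried through for the layout Grant describes (one account per /home/<domain>, document root /home/<domain>/www, mod_php under Apache 2). The script below is an added example, not code from either poster or from any hosting product; it walks a directory root and emits one <VirtualHost> block per account with open_basedir and friends pinned to that account's tree. The root directory, the per-account tmp directory, and the /usr/share/pear include path are assumptions for the demonstration, as are the domain names used in the test tree.

```sh
#!/bin/sh
# Added example (not from the thread): emit per-account mod_php restrictions
# for a /home/<domain>/www layout. Paste the output into httpd.conf (or an
# Include'd file), never into a .htaccess the account owner can edit.
#
# Why php_admin_value rather than php_value for the security settings:
# php_value can be overridden from a per-directory .htaccess, php_admin_value
# cannot. include_path is only a convenience, so it stays overridable.
#
# open_basedir is a *prefix* match in PHP, so every entry ends with a slash:
# "/home/example.com" would also admit "/home/example.com.evil".
#
# The directives are deliberately NOT wrapped in <IfModule mod_php4.c>: if the
# module name changes on the PHP 5 upgrade, an <IfModule> wrapper would make
# the restrictions vanish silently, while a bare directive makes Apache refuse
# to start, which is the safer failure.

emit_php_restrictions() {
    root="$1"                       # e.g. /home (assumed layout)
    for home in "$root"/*/; do
        home="${home%/}"
        [ -d "$home/www" ] || continue      # skip entries that are not accounts
        domain="${home##*/}"                # directory name is the domain name
        cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $home/www
    # Confine PHP file functions to this account's tree plus shared PEAR code
    php_admin_value open_basedir "$home/www/:$home/tmp/:/usr/share/pear/"
    # Keep uploads and session files out of the shared /tmp
    php_admin_value upload_tmp_dir "$home/tmp/"
    php_admin_value session.save_path "$home/tmp/"
    # Convenience only; the owner may override this one from .htaccess
    php_value include_path ".:$home/www/include/:/usr/share/pear/"
</VirtualHost>

EOF
    done
}

# Stand-alone use: sh thisscript.sh /home > /etc/apache2/conf.d/php-accounts.conf
if [ "$#" -gt 0 ]; then
    emit_php_restrictions "$1"
fi
```

Two caveats a practitioner should keep in mind when reading the output: open_basedir restricts which paths PHP's own file functions may touch, but it does not apply to programs started through exec()/system() and does not change the user the script runs as, so under mod_php every account's scripts still run (and write files) as www, exactly as Grant observed; and the per-account tmp directory must exist and be writable by www before the first request, or sessions and uploads fail.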

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

