Hi, I am setting a shared hosting server and I'd like to gather some advices regarding the security. Since the code will not be produced by me I'd like to focus on environment strategies. For now I've added a noexec in the mount options of the /tmp and the homedir of the web server, disabled the devel tools (such as gcc). In terms of the PHP I am inclined to use mod_suPHP to avoid having the problem with the script generated files (such as uploads) being owned by the webserver itself and I'd like to use the available php.ini options to try to make it harder for an attacker to cause problems. I will disable the register_globals and the allow url fopen. But what else can I do (open_basedir/doc_root/safe_mode etc)? I need to allow the user to access the pear classes. Using linux/php 5.2.x Regards.
