Hardening PHP
Run As The User Instead of “nobody” . You can run PHP as the user (like CGI scripts do with Apache’s suexec)
Enable suPHP
PHP scripts are executed by the user who owns the VirtualHost serving the request.
Use Hardening Tools Like phpsuhosin
Remove Insecure Scripts
Apache directives like php_value are not valid for mod_suphp. It is possible to place a php.ini file in the directory containing the PHP script and specify these types of values in it.
For PHP scripts to execute, permissions of 0400 are sufficient. Scripts are run as the user who owns the VirtualHost, and as long as this user has permissions sufficient to write to a file/directory, PHP scripts will also have the ability to do so. Mod_SuPHP performs various security checks before executing PHP scripts. Most can be disabled in Mod_SuPHP configuration file located at /opt/suphp/etc/suphp.conf
No comments:
Post a Comment