Lem0nHead
06-07-2004, 04:37 PM
Hello
I work with dedicated servers for almost an year now and I'm Linux lab monitor on my university. My main focus is on security, and a few days ago I started to write an article about PHP security on shared hostings.
Since PHP is usually configured to run as Apache module, admins should deal with a big issue: PHP scripts will be run as the same user as Apache.
When no care is taken, one user can be reading other users files and sometimes even being able to change them.
My article will cover methods to secure your PHP, giving its pros and cons:
- phpsuexec
- safemode
- open_basedir
- mod_userdir (yes, do you think PHP has nothing to do with that? ;))
It also teachs one way (that took me some days reading many manuals and making many tests to realize) to secure your PHP without breaking many scripts. I'm testing this method for 1 week on a shared hosting with more than 100 clients and just one of them complained about script stopping working (that was a script that he has done). I got to make his script work without needing to change the script nor the global PHP security - and without giving the user privileges that other users doesn't have!
As I stated firstly, I just started to write the article. My idea is to sell this to dedicated hosting sellers so people who buy from you will have a good knowledge to protect their server from many "local attacks", protecting your network.
I still don't know if the article will be "exclusive" or "shared": It depends on the offers and the number of the people interested on buying it.
If you are interested, please contact me by PM or ICQ: 25541891 for more information.
I work with dedicated servers for almost an year now and I'm Linux lab monitor on my university. My main focus is on security, and a few days ago I started to write an article about PHP security on shared hostings.
Since PHP is usually configured to run as Apache module, admins should deal with a big issue: PHP scripts will be run as the same user as Apache.
When no care is taken, one user can be reading other users files and sometimes even being able to change them.
My article will cover methods to secure your PHP, giving its pros and cons:
- phpsuexec
- safemode
- open_basedir
- mod_userdir (yes, do you think PHP has nothing to do with that? ;))
It also teachs one way (that took me some days reading many manuals and making many tests to realize) to secure your PHP without breaking many scripts. I'm testing this method for 1 week on a shared hosting with more than 100 clients and just one of them complained about script stopping working (that was a script that he has done). I got to make his script work without needing to change the script nor the global PHP security - and without giving the user privileges that other users doesn't have!
As I stated firstly, I just started to write the article. My idea is to sell this to dedicated hosting sellers so people who buy from you will have a good knowledge to protect their server from many "local attacks", protecting your network.
I still don't know if the article will be "exclusive" or "shared": It depends on the offers and the number of the people interested on buying it.
If you are interested, please contact me by PM or ICQ: 25541891 for more information.