PDA

View Full Version : The best security ?


Logical
08-04-07, 03:21 PM
What is everybodys oppinion of the best security to use on a PHP site ?

I hear Sentinel is quite good. !

evilghost
08-04-07, 07:17 PM
I actually prefer Suhosin as Stephen Esser is the developer of the extension ad was an active developer on the PHP team prior to him leaving due to PHP's lackadaisical approach to security.

wnd
08-07-07, 04:51 AM
http://wnd.katei.fi/t/wire_cutters.jpeg

Logical
08-07-07, 05:18 AM
I actually prefer Suhosin as Stephen Esser is the developer of the extension ad was an active developer on the PHP team prior to him leaving due to PHP's lackadaisical approach to security.

Thx evilghost, i'll take a look at it. :)

bugmeplz
08-08-07, 06:38 PM
.

pross
08-08-07, 07:03 PM
i run suhosin and suPHP with a good set of mod_security rules... suPHP is the important thing though, it makes php run as the user who owns the files not nobody (mod_php) makes tracking spam/exploits easier.

evilghost
09-12-07, 07:46 AM
I wanted to add mod_chroot as an option as well for a layered security approach. If the webserver is compromised the system won't be if there's a properly chrooted environment.

One thing to note, PHP's mail() function depends on sendmail and/or other binary. The system() and other shell functions depend on a working shell. I statically compiled mini_sendmail for the chrooted environment. I also use busybox-static from the repo's hardlinked into the chrooted environment.