nV News Forums

 
 

nV News Forums (http://www.nvnews.net/vbulletin/index.php)
-   Software Development (http://www.nvnews.net/vbulletin/forumdisplay.php?f=53)
-   -   The best security ? (http://www.nvnews.net/vbulletin/showthread.php?t=96062)

Logical 08-04-07 03:21 PM

The best security ?
 
What is everybodys oppinion of the best security to use on a PHP site ?

I hear Sentinel is quite good. !

evilghost 08-04-07 07:17 PM

Re: The best security ?
 
I actually prefer Suhosin as Stephen Esser is the developer of the extension ad was an active developer on the PHP team prior to him leaving due to PHP's lackadaisical approach to security.

wnd 08-07-07 04:51 AM

Re: The best security ?
 
http://wnd.katei.fi/t/wire_cutters.jpeg

Logical 08-07-07 05:18 AM

Re: The best security ?
 
Quote:

Originally Posted by evilghost
I actually prefer Suhosin as Stephen Esser is the developer of the extension ad was an active developer on the PHP team prior to him leaving due to PHP's lackadaisical approach to security.

Thx evilghost, i'll take a look at it. :)

bugmeplz 08-08-07 06:38 PM

Re: The best security ?
 
.

pross 08-08-07 07:03 PM

Re: The best security ?
 
i run suhosin and suPHP with a good set of mod_security rules... suPHP is the important thing though, it makes php run as the user who owns the files not nobody (mod_php) makes tracking spam/exploits easier.

evilghost 09-12-07 07:46 AM

Re: The best security ?
 
I wanted to add mod_chroot as an option as well for a layered security approach. If the webserver is compromised the system won't be if there's a properly chrooted environment.

One thing to note, PHP's mail() function depends on sendmail and/or other binary. The system() and other shell functions depend on a working shell. I statically compiled mini_sendmail for the chrooted environment. I also use busybox-static from the repo's hardlinked into the chrooted environment.


All times are GMT -5. The time now is 10:22 PM.

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.