Go Back   nV News Forums > Software Forums > Software Development

Newegg Daily Deals

Reply
 
Thread Tools
Old 08-04-07, 03:21 PM   #1
Logical
Registered User
 
Logical's Avatar
 
Join Date: Apr 2007
Location: UK
Posts: 2,523
Default The best security ?

What is everybodys oppinion of the best security to use on a PHP site ?

I hear Sentinel is quite good. !
Logical is offline   Reply With Quote
Old 08-04-07, 07:17 PM   #2
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: The best security ?

I actually prefer Suhosin as Stephen Esser is the developer of the extension ad was an active developer on the PHP team prior to him leaving due to PHP's lackadaisical approach to security.
evilghost is offline   Reply With Quote
Old 08-07-07, 04:51 AM   #3
wnd
Nerd, Geek, Freak
 
wnd's Avatar
 
Join Date: Sep 2005
Location: Finland
Posts: 703
Default Re: The best security ?

__________________
web | cat

Christianity, noun: The belief that a cosmic Jewish Zombie who was his own father can make you live forever if you symbolically eat his flesh and telepathically tell him you accept him as your master, so he can remove an evil force from your soul that is present in humanity because a rib-woman was convinced by a talking snake to eat from a magical tree. [mad.frog]
wnd is offline   Reply With Quote
Old 08-07-07, 05:18 AM   #4
Logical
Registered User
 
Logical's Avatar
 
Join Date: Apr 2007
Location: UK
Posts: 2,523
Default Re: The best security ?

Quote:
Originally Posted by evilghost
I actually prefer Suhosin as Stephen Esser is the developer of the extension ad was an active developer on the PHP team prior to him leaving due to PHP's lackadaisical approach to security.
Thx evilghost, i'll take a look at it.
Logical is offline   Reply With Quote
Old 08-08-07, 06:38 PM   #5
bugmeplz
*BANNED*
 
bugmeplz's Avatar
 
Join Date: Sep 2006
Posts: 427
Default Re: The best security ?

.
bugmeplz is offline   Reply With Quote
Old 08-08-07, 07:03 PM   #6
pross
 
pross's Avatar
 
Join Date: Mar 2007
Posts: 183
Default Re: The best security ?

i run suhosin and suPHP with a good set of mod_security rules... suPHP is the important thing though, it makes php run as the user who owns the files not nobody (mod_php) makes tracking spam/exploits easier.
__________________
CPU: i7 2600k @ 4.4Ghz GPU: GTX 560ti 2G SLI PPU: GTX260 RAM: 16G Corsair Vengeance MOBO: P8Z68-V PRO GEN3 BOX: Cosmos S Cooling: Corsair H100 SSD: Corsair 120G ForceGT
pross is offline   Reply With Quote
Old 09-12-07, 07:46 AM   #7
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: The best security ?

I wanted to add mod_chroot as an option as well for a layered security approach. If the webserver is compromised the system won't be if there's a properly chrooted environment.

One thing to note, PHP's mail() function depends on sendmail and/or other binary. The system() and other shell functions depend on a working shell. I statically compiled mini_sendmail for the chrooted environment. I also use busybox-static from the repo's hardlinked into the chrooted environment.
evilghost is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
The Circuit: Pandora talks radio royalties, LinkedIn hit with security breach, Nasdaq News Archived News Items 0 06-06-12 06:30 PM
Dept. of Homeland Security Forced to Release List of Keywords Used to Monitor Social News Archived News Items 0 05-27-12 01:00 AM
Ask Slashdot: Why Not Linux For Security? News Archived News Items 0 05-25-12 09:30 PM
Apple Invites Kaspersky to Improve OS X Security News Archived News Items 0 05-14-12 07:00 PM
Video: Cyber Security Defense Using HPC News Archived News Items 0 05-07-12 04:00 PM

All times are GMT -5. The time now is 08:44 PM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.