Hi there,
To put things simply, I'm a bit worried about php, here's why:
I don't know SHIT about securing php installations...
I've read about hardened-php, and I wondered if someone uses it, and
how reliable and intrusive they are (false positives interest me
especially).
Also I would like to receive input from mod_security users...from what
I understood, if that's enabled, then in a php forum I cannot
write/quote SQL code in my posts... (sql injection prevention..)
The problem is a big server, 6000 accounts with
apache+suexec+user_dir+php, on a solaris machine.
I plan to try changing config options and security settings so it
becomes a bit more hardened.
Any advice is welcome.
ps: don't "advise" me to close the server, deny functionality, etc,
these won't do... the server exists, has the accounts and I got to live
with it...
--
Miguel Sousa Filipe
--
gentoo-security@gentoo.org mailing list