0

Possible Duplicate:
Tips for Securing a LAMP Server

On a Linux based server, what are some of the best practices for securing PHP?

What functions should be disabled (ex. exec, exec_shell, system)?

djdy

2 Answers

1
  • Use suhosin - http://www.hardened-php.net/
  • Run PHP in cgi/fastcgi mode
  • If multiple users are using your webserver, make sure each user's php-cgi processes are spawned under a different (unprivileged) uid/gid pair from its neighbour
Guillaume
0

mod_php is not a solution because all PHP processes run with the same UID and access rights.

I use suPHP for a shared server. That way all users have their own system accounts and every PHP process is run with their own UID. --> Pro: users have restricted access and are isolated from each other. Con: less performance because it is basically a CGI model.

Stuart Herbert had a blog series on this and other PHP setup solutions.

mschuett
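
A check for the per-user uid/gid separation that both answers describe, as an added example that is not part of either answer. It assumes a hypothetical inventory of `<site> <uid> <gid>` lines (the sample data is constructed) and that unprivileged accounts start at id 1000.

```python
from collections import defaultdict

# Assumption: regular (unprivileged) accounts start at 1000, as on many Linux distributions.
MIN_UNPRIVILEGED_ID = 1000

# Constructed sample inventory: "<site> <uid> <gid>" for each site's php-cgi processes.
SAMPLE_INVENTORY = """\
# site        uid   gid
alice.example 1001  1001
bob.example   1002  1002
carol.example 1002  1003
dave.example  33    33
erin.example  1005  1001
"""

def parse_inventory(text):
    """Return a list of (site, uid, gid), skipping blank lines and comments."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or not (fields[1].isdigit() and fields[2].isdigit()):
            raise ValueError(f"line {lineno}: expected '<site> <uid> <gid>'")
        records.append((fields[0], int(fields[1]), int(fields[2])))
    return records

def audit(records):
    """Return sorted findings as (kind, id, sites) tuples."""
    findings = []
    by_uid, by_gid = defaultdict(set), defaultdict(set)
    for site, uid, gid in records:
        by_uid[uid].add(site)
        by_gid[gid].add(site)
        # A system or root id means the PHP process is not confined to a user account.
        if uid < MIN_UNPRIVILEGED_ID:
            findings.append(("privileged-uid", uid, (site,)))
        if gid < MIN_UNPRIVILEGED_ID:
            findings.append(("privileged-gid", gid, (site,)))
    # An id used by more than one site means those neighbours are not isolated.
    for kind, table in (("shared-uid", by_uid), ("shared-gid", by_gid)):
        for ident, sites in table.items():
            if len(sites) > 1:
                findings.append((kind, ident, tuple(sorted(sites))))
    return sorted(findings)

if __name__ == "__main__":
    for kind, ident, sites in audit(parse_inventory(SAMPLE_INVENTORY)):
        print(f"{kind:15} id={ident:<6} sites={', '.join(sites)}")
```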