
We are running a PHP application on a Linux Apache web server.

How can we secure the server so that, if someone finds a hole in our application, they can only get access to the application (files inside the www folder) and not the rest of the server?

How do we secure against running commands like: exec('/usr/sbin/adduser -p password test')

What about read-access to config-files, log files?

/Jacob

  • You secure a server/application by following security best practices for configuration of the server and writing of the application. This question is unanswerable beyond that advice - there are literally dozens of books on this topic. If you can come up with a more focused question you can ask here or on [security.se] and we may be able to help you out... – voretaq7 Oct 25 '12 at 18:10

1 Answer


Jacob, I think the best way to achieve your first goal is to use the open_basedir directive on your virtual hosts.

Take a look at http://www.php.net/manual/en/ini.core.php#ini.open-basedir: "Limit the files that can be opened by PHP to the specified directory-tree, including the file itself."

In order to disable functions, you can use the disable_functions directive in your php.ini, http://www.php.net/manual/en/ini.core.php#ini.disable-functions: "This directive allows you to disable certain functions for security reasons."

Hope this helps.

Luis Fernando Alen
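As an added example (not part of the answer above, and not configuration from any particular project), here is how the two directives can be applied per virtual host in Apache with mod_php. The paths, hostname and log location are assumptions; adjust them to the real layout. The example uses php_admin_value rather than php_value so that the application code cannot override the settings with ini_set() or a .htaccess file, which is what you want if the application itself is the thing that might be compromised.

```apache
# Assumed layout: the application lives in /var/www/example,
# uploads go to /var/www/example/uploads, sessions to /var/lib/php/sessions.
<VirtualHost *:80>
    ServerName example.test
    DocumentRoot /var/www/example/public

    # Restrict every file operation PHP performs (fopen, include, file_get_contents,
    # readfile, opendir, ...) to these directory trees. Paths are separated by ":"
    # on Linux. Note that /etc, /var/log and the rest of the filesystem are not
    # listed, so reads of system config files and logs are refused by PHP itself.
    # A trailing slash limits the rule to the directory rather than any path that
    # merely starts with the same prefix.
    php_admin_value open_basedir "/var/www/example/:/var/lib/php/sessions/:/tmp/"

    # Remove the functions that hand a shell or a process to the attacker, so a
    # hole in the application cannot be turned into exec('/usr/sbin/adduser ...').
    # The list is all-or-nothing per function; there is no per-directory override.
    php_admin_value disable_functions "exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec,dl"

    # Keep PHP from writing session files or uploads outside the allowed trees.
    php_admin_value session.save_path "/var/lib/php/sessions"
    php_admin_value upload_tmp_dir    "/tmp"

    ErrorLog  ${APACHE_LOG_DIR}/example-error.log
    CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
```

Two caveats worth knowing when you test this: open_basedir is enforced inside the PHP process, so it does nothing for code that runs outside PHP (a CGI binary, a cron job), and disable_functions only blocks the names you list, so the list should be reviewed against the full set of process-spawning functions in the PHP version you run. Both settings complement, rather than replace, running the Apache worker as an unprivileged user with filesystem permissions that keep it out of /etc and the logs.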