Securing PHP webservers
PHP applications have a reputation for higher than average security problems. What configuration techniques do you use for making sure the application is secure as possible ?
I’m looking for ideas like:
- Using Hardened PHP/Suhosin
- Using mod_security
- Disabling register_globals and allow_url_fopen in php.ini
I normally use Linux, but feel free to suggest Windows solutions too.
By David Pashley?
How To Secure /tmp and /dev/shm partition
Keep you server clean of rookits is a good idea to get a good security level. A sysadministrator can create a seperate partition for /tmp and mount it with noexec and nosuid parameters. And to do it is not necessary to reboot or repartition your drive.
1. First you should secure /tmp:
Read more…