Own server, multiple website: most secure PHP setup
Posted
by
plua
on Server Fault
See other posts from Server Fault
or by plua
Published on 2011-01-03T18:47:24Z
Indexed on
2011/01/03
18:55 UTC
Read the original article
Hit count: 292
Hi there,
We have a company server with a variety of websites. They are maintained by different people from within our company. All websites are public. The server access is limited to our company only. This is NOT a shared hosting environment.
We are looking into securing the server, currently analyzing the risk related to permissions of files. We feel the highest risk is when files are uploaded and then opened/executed by the public. This should not happen, but an error in a script might allow people to do so (there are image uploaders, file uploaders, etc). Uploader scripts use PHP.
So the question is: what is the best way of setting / organizing permissions of files and processes? There seem to be several options to run PHP (and Apache), and setting the permissions. What should we take into consideration? Any tips?
We are considering mod_php and FastCGI, but perhaps given our situation other solutions are preferred?
© Server Fault or respective owner