Own server, multiple website: most secure PHP setup

Posted by plua on Server Fault See other posts from Server Fault or by plua
Published on 2011-01-03T18:47:24Z Indexed on 2011/01/03 18:55 UTC
Read the original article Hit count: 292

Filed under:
|
|
|

Hi there,

We have a company server with a variety of websites. They are maintained by different people from within our company. All websites are public. The server access is limited to our company only. This is NOT a shared hosting environment.

We are looking into securing the server, currently analyzing the risk related to permissions of files. We feel the highest risk is when files are uploaded and then opened/executed by the public. This should not happen, but an error in a script might allow people to do so (there are image uploaders, file uploaders, etc). Uploader scripts use PHP.

So the question is: what is the best way of setting / organizing permissions of files and processes? There seem to be several options to run PHP (and Apache), and setting the permissions. What should we take into consideration? Any tips?

We are considering mod_php and FastCGI, but perhaps given our situation other solutions are preferred?

© Server Fault or respective owner

Related posts about apache

Related posts about php