Hi Michael,
On Wed, Jan 30, 2013 at 05:42:57PM +0000, Michael Stevens wrote:
> So I've decided to join the cool kids and try PHP - in particular, I've
> installed roundcube.
Well, PHP was cool 5 years ago, now it's all ruby, node.js and
clojure. :)
> Is there any good info out there on securing php? I'd quite like to not
> get hacked, which seems to be a common problem with PHP web apps.
If "don't run PHP" doesn't work for you then my best advice is:
- Keep it up to date
- Run as few plugins, modules etc as possible and keep *those* up to date
- Expect to be compromised, so try to secure your PHP execution
environment from the rest of your server.
e.g. do assume that at some point an attacker will get to execute
commands as the user that is running your PHP app so try to reduce
what the app can do.
Good luck!
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting