On 30/01/2013 17:42, Michael Stevens wrote:
> So I've decided to join the cool kids and try PHP - in particular, I've
> installed roundcube.
>
> Is there any good info out there on securing php? I'd quite like to not
> get hacked, which seems to be a common problem with PHP web apps.

Despite the general PHP-dislike in the responses, I've happily run PHP
on my server without issue and, while I run SquirrelMail rather than
Roundcube (although I understand that Roundcube is more interactive and
has a nicer interface), I use suhosin, a basic setup of mod_security,
along with fail2ban and use the ITK MPM for Apache instead of prefork -
this enables me to run the VirtualHosts as different users limiting the
scope for compromise, or ensuring that the user does not have any write
permissions.
Gavin
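
The per-VirtualHost user separation described in the reply above, sketched as an added example that is not part of the original message or Gavin's actual configuration. It assumes the mpm-itk module is loaded; the hostnames, paths and the accounts `webmail-run` and `blog-run` are hypothetical.

```apache
# Added example: hostnames, paths and account names are hypothetical.
# With mpm-itk, each request is handled by a process that switches to the
# user and group named by AssignUserID for the matching VirtualHost, so PHP
# code in one site runs without the other site's file permissions.

<VirtualHost *:80>
    ServerName webmail.example.org
    DocumentRoot /srv/www/webmail/htdocs

    <IfModule mpm_itk_module>
        # Runtime identity for this site only.
        AssignUserID webmail-run webmail-run
    </IfModule>

    # Filesystem side (set outside Apache): the code under DocumentRoot is
    # owned by a separate deploy account and is only readable by
    # webmail-run, so a compromised script cannot modify the application.
    # Only directories the application must write to (temp, logs) are
    # writable by webmail-run, and they sit outside DocumentRoot.
</VirtualHost>

<VirtualHost *:80>
    ServerName blog.example.org
    DocumentRoot /srv/www/blog/htdocs

    <IfModule mpm_itk_module>
        # A different account: it has no access to /srv/www/webmail.
        AssignUserID blog-run blog-run
    </IfModule>
</VirtualHost>
```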