PHP-CGI ==> Security considerations


RawJi
10-26-2003, 09:38 PM
Hi Everyone @ PHPBuilder...

I'm currently setting up a web-server, and I just wanted to get everyone's input and personal experiences about security considerations when using PHP in CGI mode...

My setup is as follows:

- Gentoo Linux 1.4
- Apache 1.3.27
- PHP 4.3.3

I'm using suPHP (http://suphp.org), so that PHP scripts and pages can be run without permissions on files having to allow execution, and also so PHP scripts don't require '#!/path/to/php' at the beginning of every file. The main reason I'm using it is so SuExec can run the scripts as the file's owner.

Now my questions:

- What security issues should I consider?
- What would be the benefits/drawbacks of running PHP in safe mode?
- Is there any way of configuring PHP so that it may not read files outside of a given user's directory?
- Do you have any stories relating to security issues with PHP in CGI mode?
- Anything else you would like to point out?

Thanks in advance.

Regards,

RawJi