Re: [PHP-DEV] why the damn phpinfo() is so talkative? + answers From: Kristian Köhntopp (kk <email protected>)
Date: 10/20/00

Andi Gutmans wrote:
> I think it should be done on the user level like you
> pointed out below. We could put such a suggestion in
> the manual (to run with env -i).

This is by far not enough. If you are going to
put a chapter on safe deployment policies into
the manual, you need to differentiate along
Windows and Unix systems, and along CGI and
module versions of PHP. You'd want to talk about
properties and limitations of safe_mode, about
Unix process limits such as setrlimit and chroot,
about typical additional safeguards for system
security such as "env -i", "suexec replaced by
sbox, using chroot", about the need to differentiate
anonymous root (http docroot) vs. authenticated root
(ftp chroot, being one level ABOVE docroot in order
to make directories without unauthenticated access
available) and the need to store logfiles and
configuration files outside of docroot.

Also, there should be talk about secure PHP programming,
touching not only system level security as above,
but also application level security. The section should
be talking about control flow analysis, tainted variables,
input validation with regexp and other stuff, avoiding
register_globals = On in order to facilitate that, writing
programs in PHP normal form, event driven programming
and validation methods and finally designing secure and
ergonomic URLs for your application access...

You could, on the other hand, just buy the book by Till
and Tobias, which already covers most of this.

Kristian

-- 
Kristian Köhntopp, NetUSE AG Siemenswall, D-24107 Kiel
Tel: +49 431 386 436 00, Fax: +49 431 386 435 99
Using PHP3? See our web development library at http://phplib.netuse.de/

-- PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>
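The register_globals problem and the "validate input with a regexp" practice the mail lists, shown as an added example that is not part of Kristian's message. It assumes the `$_POST` superglobal of later PHP releases (the mail predates it) and a hypothetical `credentials_ok()` helper.

```php
<?php
// Added example, not code from the original mail.
// With register_globals = On, a request such as ?authenticated=1 creates
// $authenticated in global scope before this script runs, so the check
// below passes without credentials_ok() ever succeeding.
function is_admin_insecure()
{
    global $authenticated;              // may have been injected from the request
    $user = isset($_POST['user']) ? $_POST['user'] : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    if (credentials_ok($user, $pass)) { // hypothetical helper, assumed to exist
        $authenticated = true;
    }
    return !empty($authenticated);      // true if the attacker supplied it
}

// Hardened form: initialise every variable before use and read input only
// from the request arrays, so register_globals has nothing left to inject.
// Pair this with register_globals = Off in php.ini.
function is_admin_secure()
{
    $authenticated = false;             // explicit initialisation
    $user = isset($_POST['user']) ? (string) $_POST['user'] : '';
    $pass = isset($_POST['pass']) ? (string) $_POST['pass'] : '';
    if (validated_username($user) !== null && credentials_ok($user, $pass)) {
        $authenticated = true;
    }
    return $authenticated;
}

// Whitelist validation for an untrusted parameter: accept only the
// character set and length the application actually needs, reject the rest.
function validated_username($raw)
{
    return preg_match('/^[a-z][a-z0-9_]{2,15}$/', $raw) ? $raw : null;
}
```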