Anson Cheung's Blog: Top 10 PHP Best Security Practices for Sys Admins
Note: This article was originally published at PHPDeveloper on 30 January 2012.
In this recent post to his blog Anson Cheung provides a set of helpful hints for sysadmins to follow when installing (or just securing) the PHP installations on their systems.
PHP is widely used for various of web development. However, misconfigured server-side scripting would create all sorts of problem. And here are php security best practices that you should aware when configuring PHP securely. Nowadays most of the web servers are operated under Linux environment (like: Ubuntu, Debian...etc). Hence, in the following article, I am going to use list top 10 ways to enhance PHP Security Best Practices under Linux environment.
His tips include:
- Reducing the built-in PHP modules
- Logging all PHP errors
- Disabling remote code execution
- Disabling dangerous PHP functions
- Write protection on Apache, PHP & MySQL configuration files