PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

PHP-Code.net: Securing PHP Apps Part III - Securing PHP on the server/Securing MySQL & Apache

Note: This article was originally published at PHPDeveloper on 15 October 2010.
PHPDeveloper

PHP-Code.net has posted the third part of their series looking at ways you can help to secure your PHP-based application. This time, though, the focus is all on the server side - Apache/MySQL/etc.

This is the last part of this tutorial where I tell you a few things about securing PHP on the server, about securing MySQL and Apache. [...] Also, you have to keep in mind that you must know on what operating system your server runs in (UNIX, Linux, Mac OS or Windows) because this has to be secured too. This article is not intended to present this step, but I thought that is good to know that too.

He starts the article with a few tips on shopping for a web host (if you don't already have one, of course) including encouraging the web host's admins to keep up with patches and apply them quickly. He includes a few helpful hints on securing the Apache side of things like setting ServerSignature to Off and ServerTokens to Prod. For MySQL his tips include updating to the latest version and for PHP, using the Suhosin patch to ensure some of the major issues caused by insecure PHP programming can be covered.