Five simple rules!
Date: Monday, June 12 @ 11:34:34 CEST
Topic: Security


Five simple Apache/PHP/MySQL rules that can help with security issues!

Top Apache-PHP-*SQL security issues:

1) allow_url_fopen = On
This is the default php.ini setting.
It controls whether URLs (like http:// or ftp://) are treated as files.
It permits the remote execution of PHP scripts!
If you don't need to fopen/include remote files, set it to Off.

2) Disable PHP functions such as system().

3) Install mod_security with anti-SQL-injection regexes.
mod_security automatically performs a heuristic check against malicious GET/POST requests.

4) Use the PHP open_basedir directive.

5) Chroot Apache
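
An added example, not part of the original article: a small Python audit that reads a php.ini and reports on rules 1, 2 and 4. The sample file is constructed, and the list of functions checked next to system() is an assumption of this example.

```python
import re

# Constructed sample php.ini, not taken from any real server.
SAMPLE_INI = """\
[PHP]
allow_url_fopen = On
disable_functions =
;open_basedir = /var/www/html
"""

# Assumption: command-execution functions to block alongside system().
RISKY_FUNCS = {"system", "exec", "shell_exec", "passthru", "popen", "proc_open"}
TRUE_VALUES = {"1", "on", "yes", "true"}


def parse_ini(text):
    """Return {directive: value}; strips inline '; comments' and quotes."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[":  # blank, comment or section header
            continue
        key, sep, value = line.partition("=")
        if sep:
            value = re.sub(r"\s+;.*$", "", value).strip().strip('"')
            settings[key.strip()] = value  # a later assignment wins
    return settings


def audit(text):
    """Check rules 1, 2 and 4 from the list; return a list of findings."""
    ini = parse_ini(text)
    findings = []
    # Rule 1: PHP treats allow_url_fopen as On when the directive is absent.
    if ini.get("allow_url_fopen", "1").lower() in TRUE_VALUES:
        findings.append("allow_url_fopen is On")
    # Rule 2: every risky function should appear in disable_functions.
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    missing = sorted(RISKY_FUNCS - disabled)
    if missing:
        findings.append("not disabled: " + ", ".join(missing))
    # Rule 4: an empty or absent open_basedir leaves file access unrestricted.
    if not ini.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings


if __name__ == "__main__":
    print("\n".join("WARN: " + f for f in audit(SAMPLE_INI)))
```

A commented-out directive such as `;open_basedir = ...` counts as unset, which is why the sample file triggers all three findings.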

These five rules can help a lot!
But they always remain only a perimeter defense.
Fixing the code is always the better choice.

Good Luck

Francesco Marasco
Chief Technology Officer

Together Team s.r.l.
Via Torino, 34 - Rende (CS) 87036
Italy






This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=5529