Am setting up a VPS for one of my clients, and wondering about “security” and “PHP”…
I know that for MySQL, the manual gives lots of tips on things to do to make things more secure. For example, MySQL recommends that you never run mysqld as the Linux Root user.
Does a similar concept exist for PHP?
In addition, are there any other obvious things that need to be modified on the server to make sure that PHP is running securely?
I guess I never really thought about any of this as a developer until now!
What user PHP is running as is important. FastCGI allows you to run each website under a different user, which obviously is beneficial on shared hosts as Apache/PHP must have access to user1 and user2’s files in order to serve them… so in this setup if httpd is running as a single user then user1 can access user2’s files via PHP.
Mostly depends on whether you are the only one uploading or if others can upload as well. If others can upload I would definitely spend some time here to make sure it’s air tight. Check the file that it doesn’t contain PHP (not just by checking the extension, but by checking the mime type as well), open uploaded images and save them again with GD to make sure any and all crap that was in the file is stripped, etc.
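An added example (not code from the thread) of the upload checks the reply above describes: trust only a file PHP received via POST, sniff the real content type with fileinfo instead of reading the extension, look for an embedded PHP open tag, then decode and re-encode the image with GD so that anything hidden in metadata or trailing bytes is dropped. The form field name `avatar`, the 2 MiB size cap and the destination directory `/home/client/uploads` are assumptions; the directory is meant to sit outside the web root.

```php
<?php
// Added example, not from the original thread. Requires the fileinfo and GD extensions.
declare(strict_types=1);

const MAX_BYTES = 2 * 1024 * 1024;   // assumed policy: 2 MiB per avatar

// Sniffed MIME type => [GD loader, GD writer, extension the server will assign]
const ALLOWED = [
    'image/jpeg' => ['imagecreatefromjpeg', 'imagejpeg', 'jpg'],
    'image/png'  => ['imagecreatefrompng',  'imagepng',  'png'],
    'image/gif'  => ['imagecreatefromgif',  'imagegif',  'gif'],
];

/**
 * Validate one entry of $_FILES and store a re-encoded copy in $uploadDir.
 * Returns the stored path; throws on anything suspicious.
 */
function storeAvatar(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or missing');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Only accept a file PHP itself received via POST, never a client-supplied path.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }

    // Sniff the real content type. $file['type'] and the extension are both client-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('Disallowed content type: ' . var_export($mime, true));
    }
    [$load, $save, $ext] = ALLOWED[$mime];

    // Reject a file carrying a PHP open tag anywhere in it (a valid image can still be a polyglot).
    $raw = file_get_contents($file['tmp_name']);
    if ($raw === false || stripos($raw, '<?php') !== false) {
        throw new RuntimeException('Embedded PHP open tag');
    }

    // Decode with GD and write a fresh image: EXIF, comments, trailing data and
    // any payload that survived the checks above do not survive a re-encode.
    $img = @$load($file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('Not a decodable image');
    }
    if ($mime === 'image/png') {
        imagealphablending($img, false);   // keep transparency through the re-encode
        imagesavealpha($img, true);
    }

    // Server-chosen name and extension; nothing from the client reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    $ok   = $save($img, $dest);
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    chmod($dest, 0640);   // readable by the PHP user, never executable
    return $dest;
}

// Usage from the upload handler (assumed field name and directory):
// $stored = storeAvatar($_FILES['avatar'], '/home/client/uploads');
```

The re-encode is the check that actually matters: the open-tag scan only catches the obvious case, while GD writing a new file from decoded pixels leaves no room for the original bytes. Note that re-encoding a GIF this way drops animation, and a JPEG is re-compressed, which is acceptable for a thumbnail but worth knowing.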
BTW, is there such a thing as “PHP Root”? In other words, does PHP have user-types?
For example, MySQL has user-types, and there you would not only not want to run MySQL under Linux-Root, but you would also want to make sure that scripts connecting to the database always connect using a non MySQL-Root user.
Since I don’t have Root access on my VPS, I don’t think I could get to that location.
Could I instead log things to somewhere in my Home Directory, but yet outside of the Web Root?
Thanks.
Yeah, well my upload script is like 1,500 lines long and does about 15 checks. In fact, I don’t think there is any physical way to check any more than I have, because I have exhausted every PHP option in the Manual there is!!
In an ideal world I would have made it so people uploaded outside of the Web Root, but back when I wrote my upload script, I didn’t really know much about doing things outside of the Web Root.
That being said, for my next version, I will try and make those changes.
In the mean time, could you help me better understand how that would work?
Let’s say you created a profile on my client’s website and wanted to upload your picture/thumbnail. And my upload script still did all of its checks but this time saved it to the “outside_of_web-root” directory.
How would my web pages and scripts inside the Web Root access your newly uploaded picture outside of the Web Root?
Via a PHP script in your webroot that opens and streams the image to the user. There are pros and cons here, and it’s a very complicated and exhaustive topic that deserves its own topic where multiple people can chime in (hint hint ;))
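An added example (not code from the thread) of the streaming script the reply describes: an `image.php` inside the web root that serves a stored avatar from a directory outside it. The store path `/home/client/uploads` and the filename pattern (32 hex characters plus a known extension, as a server would generate) are assumptions. The point is that the client never supplies a path, only a name that must match the server's own pattern, and the content type sent to the browser comes from sniffing the stored file, not from the request.

```php
<?php
// Added example, not from the original thread. Lives in the web root as image.php;
// the images themselves do not. Requires the fileinfo extension.
declare(strict_types=1);

const STORE = '/home/client/uploads';   // assumed path, outside the web root

/**
 * Map a client-supplied name to an absolute path inside STORE, or return null.
 * Accepting only the server's own naming pattern means "../", encoded slashes,
 * null bytes and absolute paths are rejected before the filesystem is touched.
 */
function resolveAvatar(string $name): ?string
{
    if (!preg_match('/^[a-f0-9]{32}\.(jpg|png|gif)$/', $name)) {
        return null;
    }
    $base = realpath(STORE);
    $path = realpath(STORE . '/' . $name);
    // realpath() returns false for a missing file and resolves symlinks;
    // confirm the result is still under STORE after resolution.
    if ($base === false || $path === false || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Send the file with headers derived from its contents, never from the request. */
function streamAvatar(string $path): void
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . $mime);
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');   // stop the browser re-sniffing the bytes as HTML
    header('Content-Disposition: inline; filename="' . basename($path) . '"');
    header('Cache-Control: private, max-age=86400');
    readfile($path);
}

$path = resolveAvatar($_GET['f'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
streamAvatar($path);

// Referenced from a page as: <img src="/image.php?f=<32 hex chars>.jpg">
```

The trade-off the reply alludes to: every image request now runs PHP and has `readfile()` copy the bytes, instead of the web server sending a static file, so caching headers matter more than they would for a plain `<img src>`; in exchange, nothing under the upload directory can ever be executed or fetched by a path the client chose.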