forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: phill104 on June 15, 2008, 09:20:50 pm

Title: [Solved]: PHP security.
Post by: phill104 on June 15, 2008, 09:20:50 pm
Slightly off topic I know but here we go.

My host complained that I was using too many resources on my shared package so I have changed companies and am using a virtual server with a great company called bytemark. Before I fully make the switch (and manage to get my head around DNS and virtual hosts ???) I want to make sure the basic PHP install is as secure as it can be.

Are there any specific PHP settings (still allowing coppermine to run) that it would be a good idea to turn on, off or adjust?

I've done a basic coppermine install in a test area ( http://coppermine.co.uk.testing.windsurf.vm.bytemark.co.uk/) and it works a treat. Having been hacked before and now having to rely on my own backups I really would like to get as secure as I can without restricting the gallery to the many users that use it.

Title: Re: PHP security.
Post by: Nibbler on June 15, 2008, 09:55:20 pm
Things that come to mind:

register_globals -> Off
allow_url_include -> Off
allow_url_fopen -> On if you use URI uploads, Off otherwise
display_errors -> Off
log_errors -> On

memory_limit and max_execution_time as low as possible without causing issues.
Any extensions you don't need shouldn't be loaded/compiled in.

File/directory permissions set as restrictive as possible for your server setup.

Keep PHP itself up to date - automatically if possible.

Title: Re: PHP security.
Post by: phill104 on June 15, 2008, 09:59:02 pm
Cheers Nibbler. PHP will update automatically. I'll work on the others now.
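
One way to check a server against the settings listed in Nibbler's reply, as an added example that is not code from the thread or from Coppermine. The function names are this example's own, and it assumes PHP 7 or later and a gallery that does not use URI uploads.

```php
<?php
// Added example; function names are this example's own. Assumes PHP 7+.

// Boolean directives come back as "1"/"" or as raw text (On, Off, stderr, ...).
function ini_bool($raw): bool {
    $v = strtolower(trim((string) $raw));
    if (is_numeric($v)) {
        return (int) $v !== 0;
    }
    // display_errors also accepts "stdout"/"stderr"; both mean errors are shown.
    return in_array($v, ['on', 'yes', 'true', 'stdout', 'stderr'], true);
}

// $uriUploads: whether the gallery uses URI uploads (decides allow_url_fopen).
function audit_php_settings(array $ini, bool $uriUploads): array {
    $expected = [
        'register_globals'  => false,
        'allow_url_include' => false,
        'allow_url_fopen'   => $uriUploads,
        'display_errors'    => false,
        'log_errors'        => true,
    ];
    $findings = [];
    foreach ($expected as $name => $want) {
        // A directive this PHP version no longer has reads as false, i.e. Off.
        $have = ini_bool($ini[$name] ?? '');
        if ($have !== $want) {
            $findings[] = sprintf('%s is %s, expected %s',
                $name, $have ? 'On' : 'Off', $want ? 'On' : 'Off');
        }
    }
    // "As low as possible" cannot be checked mechanically, but "no limit" can.
    if (trim((string) ($ini['memory_limit'] ?? '')) === '-1') {
        $findings[] = 'memory_limit is -1 (no limit)';
    }
    if (trim((string) ($ini['max_execution_time'] ?? '')) === '0') {
        $findings[] = 'max_execution_time is 0 (no limit)';
    }
    return $findings;
}

// Read the effective values from the running interpreter, then report.
$live = [];
foreach (['register_globals', 'allow_url_include', 'allow_url_fopen', 'display_errors',
          'log_errors', 'memory_limit', 'max_execution_time'] as $n) {
    $live[$n] = ini_get($n);
}
foreach (audit_php_settings($live, false) as $finding) {
    echo "WARN: $finding\n";
}
echo 'Loaded extensions: ' . implode(', ', get_loaded_extensions()) . "\n";
```

Request the script through the web server rather than running it from the command line: the CLI often loads a different php.ini and sets max_execution_time to 0 by default. Remove the file afterwards so the output is not left reachable.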