Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [Solved]: PHP security.  (Read 2026 times)

0 Members and 1 Guest are viewing this topic.

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
[Solved]: PHP security.
« on: June 15, 2008, 09:20:50 pm »

Slightly off topic I know but here we go.

My host complained that I was using too many resources on my shared package so I have changed companies and am using a virtual server with a great company called bytemark. Before I fully make the switch (and manage to get my head around DNS and virtual hosts ???) I want to make sure the basic PHP install is as secure as it can be.

Are there any specific PHP settings (still allowing coppermine to run) that it would be a good idea to turn on, off or adjust?

I've done a basic coppermine install in a test area ( http://coppermine.co.uk.testing.windsurf.vm.bytemark.co.uk/) and it works a treat. Having been hacked before and now having to rely on my own backups I really would like to get as secure as I can without restricting the gallery to the many users that use it.
« Last Edit: June 16, 2008, 05:26:23 pm by phill104 »
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Nibbler

  • Guest
Re: PHP security.
« Reply #1 on: June 15, 2008, 09:55:20 pm »

Things that come to mind:

register_globals -> Off
allow_url_include -> Off
allow_url_fopen -> On if you use URI uploads, Off otherwise
display_errors -> Off
log_errors -> On

memory_limit and max_execution_time as low as possible without causing issues.
Any extensions you don't need shouldn't be loaded/compiled in.

File/directory permissions set as restrictive as possible for your server setup.

Keep PHP itself up to date - automatically if possibly.
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: PHP security.
« Reply #2 on: June 15, 2008, 09:59:02 pm »

Cheers Nibbler. PHP will update automatically. I'll work on the others now.
Logged
It is a mistake to think you can solve any major problems just with potatoes.
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.