Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: [Solved]: PHP security.  (Read 2029 times)

0 Members and 1 Guest are viewing this topic.

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
[Solved]: PHP security.
« on: June 15, 2008, 09:20:50 pm »

Slightly off topic I know but here we go.

My host complained that I was using too many resources on my shared package so I have changed companies and am using a virtual server with a great company called bytemark. Before I fully make the switch (and manage to get my head around DNS and virtual hosts ???) I want to make sure the basic PHP install is as secure as it can be.

Are there any specific PHP settings (still allowing coppermine to run) that it would be a good idea to turn on, off or adjust?

I've done a basic coppermine install in a test area ( http://coppermine.co.uk.testing.windsurf.vm.bytemark.co.uk/) and it works a treat. Having been hacked before and now having to rely on my own backups I really would like to get as secure as I can without restricting the gallery to the many users that use it.
« Last Edit: June 16, 2008, 05:26:23 pm by phill104 »
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Nibbler

  • Guest
Re: PHP security.
« Reply #1 on: June 15, 2008, 09:55:20 pm »

Things that come to mind:

register_globals -> Off
allow_url_include -> Off
allow_url_fopen -> On if you use URI uploads, Off otherwise
display_errors -> Off
log_errors -> On

memory_limit and max_execution_time as low as possible without causing issues.
Any extensions you don't need shouldn't be loaded/compiled in.

File/directory permissions set as restrictive as possible for your server setup.

Keep PHP itself up to date - automatically if possibly.
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: PHP security.
« Reply #2 on: June 15, 2008, 09:59:02 pm »

Cheers Nibbler. PHP will update automatically. I'll work on the others now.
Logged
It is a mistake to think you can solve any major problems just with potatoes.
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 20 queries.