I am setting a shared hosting server and I'd like to gather some advices
regarding the security. Since the code will not be produced by me I'd like
to focus on environment strategies.
For now I've added a noexec in the mount options of the /tmp and the homedir
of the web server, disabled the devel tools (such as gcc).
In terms of the PHP I am inclined to use mod_suPHP to avoid having the
problem with the script generated files (such as uploads) being owned by the
webserver itself and I'd like to use the available php.ini options to try to
make it harder for an attacker to cause problems.
I will disable the register_globals and the allow url fopen. But what else
can I do (open_basedir/doc_root/safe_mode etc)?
I need to allow the user to access the pear classes.
Using linux/php 5.2.x