Hi, I'm looking for good and complete documentation about hardening a PHP box which is going to be used to offer hosting services. The machine will have Apache + PHP with VirtualDomains. Assuming the Apache config is secure, which aspects would be affected by the activation of the PHP module?
I'd like to have a look at a complete php.ini checklist. I've been doing some basic research and I found some useful tips:

- safe_mode on (solves remote execution of arbitrary code)
- open_basedir "./" (solves the problem of browsing the server's HD)
- some limits, like the memory or CPU time used by a given PHP script
- disable fsockopen and pfsockopen (solves the problem of launching a connection to remote hosts from the PHP/web server).

Regarding the last point, is there any php.ini option to disable ALL (at the same time) dangerous PHP network commands such as fsockopen? Any more clues?

Any help would be greatly appreciated. Thanks in advance.

Regards,
--Roman

--
PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
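A small audit of the checklist in the post above, run against php.ini text, as an added example that is not part of the original message. The directive names (`safe_mode`, `open_basedir`, `memory_limit`, `max_execution_time`, `disable_functions`, the last taking a comma-separated list of function names) are real php.ini directives; the sample files are constructed, and treating a limit that is not set explicitly as a finding is an assumption of this example.

```python
ON = {"1", "on", "true", "yes"}
NETWORK_FUNCS = {"fsockopen", "pfsockopen"}  # the two functions named in the post
def parse_php_ini(text):
    """Parse php.ini text into {directive: value}; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # blank line, comment, section header, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        if value.startswith('"'):
            value = value[1:].split('"', 1)[0]      # quoted value: text inside the quotes
        else:
            value = value.split(";", 1)[0].strip()  # drop a trailing ; comment
        settings[key] = value
    return settings

def audit(text):
    """Return {directive: problem} for each checklist item that is not satisfied."""
    s = parse_php_ini(text)
    problems = {}
    if s.get("safe_mode", "").lower() not in ON:  # directive exists only before PHP 5.4
        problems["safe_mode"] = "not enabled"
    if not s.get("open_basedir"):
        problems["open_basedir"] = "unset: scripts are not confined to a directory"
    if s.get("memory_limit", "-1") == "-1":
        problems["memory_limit"] = "not set explicitly, or unlimited (-1)"
    if s.get("max_execution_time", "0") == "0":
        problems["max_execution_time"] = "not set explicitly, or unlimited (0)"
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    missing = NETWORK_FUNCS - disabled
    if missing:
        problems["disable_functions"] = "missing " + ", ".join(sorted(missing))
    return problems

# Constructed sample files, not taken from the post.
WEAK = """[PHP]
safe_mode = Off
memory_limit = -1
max_execution_time = 30 ; seconds
disable_functions = fsockopen
"""
HARDENED = """safe_mode = On
open_basedir = "./"
memory_limit = 16M
max_execution_time = 30
disable_functions = "fsockopen, pfsockopen"
"""
if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED))
```
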