Let's discuss PHP security in shared systems

Discussion in 'PHP' started by cmanns, Aug 8, 2011.

  1. cmanns

    cmanns Well-Known Member

    So far we use PHP5.2 (Could mostly use 5.3 but it's not much of any difference)

    We got the realpathcache fix for when open_basedir is enabled.

    Open_basedir is enabled as mentioned

    XCache is installed and php is set to spawn children processes by it's self not controlled by lsws (Which was suggested for dedicated env's however it has no issue on our 40+ account of busy alexa ranking php sites)

    So like, what do you guys add to beef up security without dicking up performance and reliability? Openbasedir was a pain in the woo woo, messed up stuff for awhile, eventually got it good and noticed higher resource, got realpathcache, seems to be just as secure as w/out realpath which means perf loss.

    I'm looking into per-user php.ini next and letting them adjust certain php.ini but not override some. Any of this possible? :rolleyes:

Share This Page