suphp is more safe than safe mode=on ?



PauGasol
12-03-2007, 08:46 AM
Hi,

We are using two boxes with apache2, mysql5 and php5 as CGI with php, without mod_security and with safe_mode off. Is this environment safe? Could there be an attack that modifies all the index.html files in the server, for example, as in the past when you had safe_mode off in php4 and apache1?

Thanks

ccto
12-07-2007, 07:14 PM
Yes, it is supposed to be safer to use PHP in CGI mode instead of Apache mode, as

- the PHP program will run under the user's identity, which is secured by Linux's built-in user account management (we think an ordinary Linux user account cannot root your server easily, right?)

- PHP safe mode + user_basedir are also a secure way, but it imposes some PHP safe-mode restrictions on end users.

---

However, of course, it is recommended to install mod_security to filter some unnecessary requests.

Randy
12-07-2007, 07:34 PM
There are other ways to secure your server too. Chmod 'wget', 'telnet', etc. to 700 (root only), disable the dl() [default since php 5.2.5], system(), exec(), system_exec() functions, set allow_url_fopen to 'off' (users should use curl), use the suhosin plugin, etc.

And instead of CGI, use FastCGI if possible. Normal CGI is quite slow.
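The php.ini and binary-permission steps Randy lists can be verified rather than just applied. The script below is an added example, not code from this thread or from DirectAdmin: it reads a php.ini with PHP's own last-assignment-wins rule, checks that a required set of functions is in disable_functions and that allow_url_fopen is off, and checks that a binary is mode 700 (no group/other bits). The two php.ini fragments are constructed samples written to temporary files; the required function list is an assumption that extends the post's dl/system/exec with shell_exec and passthru. mod_security and suhosin are not covered.

```shell
#!/bin/sh
# Constructed sample php.ini files: a stock-looking one and a hardened one.
WEAK_INI=$(mktemp)
HARD_INI=$(mktemp)
cat > "$WEAK_INI" <<'EOF'
; constructed sample: typical stock settings
allow_url_fopen = On
disable_functions =
EOF
cat > "$HARD_INI" <<'EOF'
; constructed sample: hardened along the lines suggested in the thread
allow_url_fopen = Off
disable_functions = dl, system, exec, shell_exec, passthru
EOF

# Constructed stand-ins for binaries such as wget: one root-only (700), one world-executable (755).
ROOT_ONLY_BIN=$(mktemp); chmod 700 "$ROOT_ONLY_BIN"
WORLD_BIN=$(mktemp);     chmod 755 "$WORLD_BIN"

# Print the effective value of directive $2 in php.ini $1.
# Comment lines are skipped and the last assignment wins, as PHP itself does.
ini_value() {
    awk -v key="$2" '
        /^[[:space:]]*[;#]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            gsub(/^"|"$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Succeed only if every function in the comma-separated list $2 appears in disable_functions.
functions_disabled() {
    disabled=",$(ini_value "$1" disable_functions | tr -d ' '),"
    for fn in $(printf '%s' "$2" | tr ',' ' '); do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "missing from disable_functions: $fn"; return 1 ;;
        esac
    done
    return 0
}

# Succeed only if allow_url_fopen is explicitly off; PHP's default is On.
url_fopen_off() {
    v=$(ini_value "$1" allow_url_fopen | tr 'A-Z' 'a-z')
    case "$v" in
        off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the file has no group or other permission bits (mode 700 for a root-owned binary).
root_only_mode() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Combined php.ini audit; prints each finding and returns non-zero if anything is wrong.
audit() {
    status=0
    functions_disabled "$1" "dl,system,exec,shell_exec,passthru" || status=1
    url_fopen_off "$1" || { echo "allow_url_fopen is not Off"; status=1; }
    return $status
}

for ini in "$WEAK_INI" "$HARD_INI"; do
    if audit "$ini"; then echo "$ini: ok"; else echo "$ini: needs attention"; fi
done
for bin in "$ROOT_ONLY_BIN" "$WORLD_BIN"; do
    if root_only_mode "$bin"; then echo "$bin: root only"; else echo "$bin: group/other bits set"; fi
done
```

On a real box you would point `audit` at the php.ini that `phpinfo()` reports as loaded and `root_only_mode` at the actual paths of wget, telnet and similar; the checks are read-only.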

PauGasol
12-08-2007, 06:24 AM
> There are other ways to secure your server too. Chmod 'wget', 'telnet', etc. to 700 (root only), disable the dl() [default since php 5.2.5], system(), exec(), system_exec() functions, set allow_url_fopen to 'off' (users should use curl), use the suhosin plugin, etc.
>
> And instead of CGI, use FastCGI if possible. Normal CGI is quite slow.

Thanks to all.

Does CustomBuild install FastCGI when you choose php5 as CGI with suPHP? I'm not sure; the phpinfo shows:

Server API CGI/FastCGI

I saw that the web loads very well.

Thanks again

PauGasol
12-08-2007, 07:45 AM
I'm not sure about suPHP security... why is it possible that any user could read all the files in the server? More examples: http://www.directadmin.com/forum/showthread.php?t=20811

DirectAdmin Support
12-20-2007, 02:28 PM
http://help.directadmin.com/item.php?id=183