Is suphp safer than safe mode=on?

PauGasol

Hi,

We are using two boxes with apache2, mysql5 and php5 as cgi with php. Without mod_security and with safe_mode off. Is this environment safe? Could there be an attack that modifies all the index.html files, for example, on the server, as in the past when you had safe mode off in php4 and apache1?

Thanks
 
Yes, it is supposed to be safer to use php in cgi mode instead of apache mode, as

- the php program will run under the user's identity, which will be secured by Linux's built-in user account management (we think an ordinary Linux user account cannot root your server easily, right?)

- php safe mode + user_basedir are also a secure way, but it imposes some php safe-mode restrictions on the end-user.

---

However, of course, it is recommended to install mod_security to filter some unnecessary requests.
 
There are other ways to secure your server too. Chmod 'wget', 'telnet', etc. to 700 (root only), disable the dl() [default since php 5.2.5], system(), exec(), system_exec() functions, set allow_url_fopen to 'off' (users should use curl), use the suhosin plugin, etc.

And instead of CGI, use fastCGI if possible. Normal CGI is quite slow.
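
A check for the php.ini settings named in the post above, as an added example that is not part of the original thread: it audits a php.ini text for `disable_functions` and `allow_url_fopen`. The sample files are constructed, the helper names are hypothetical, and the function list is limited to `dl`, `system` and `exec` from the post.

```python
# Added example: audit a php.ini text for the hardening settings in the thread.

# Functions from the post's list that this check looks for (assumption:
# the reader extends this set to match their own policy).
WANTED_DISABLED = {"dl", "system", "exec"}
# PHP built-in defaults, used when php.ini does not set the directive.
DEFAULTS = {"disable_functions": "", "allow_url_fopen": "1"}
# Values PHP treats as "off" for a boolean directive.
OFF_VALUES = {"", "0", "off", "false", "no", "none"}

def parse_ini(text):
    """Return directive -> value; the last assignment wins, as in PHP."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        # Drop ';' comments (simplification: values containing ';' are not handled).
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, [section] header, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"\'')
    return settings

def audit(text):
    """Return a list of findings for the settings named in the thread."""
    s = parse_ini(text)
    findings = []
    # PHP function names are case-insensitive, so compare in lower case.
    disabled = {f.strip().lower() for f in s["disable_functions"].split(",") if f.strip()}
    for name in sorted(WANTED_DISABLED - disabled):
        findings.append(f"{name}() is not listed in disable_functions")
    if s["allow_url_fopen"].lower() not in OFF_VALUES:
        findings.append("allow_url_fopen is enabled")
    return findings

# Constructed sample files, not taken from a real server.
WEAK_INI = """
[PHP]
; disable_functions = dl,system,exec
disable_functions = exec
allow_url_fopen = On
"""
HARDENED_INI = """
[PHP]
disable_functions = "dl, system, exec, passthru"
allow_url_fopen = Off   ; users should use curl
"""

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(ini) or "no findings")
```

The commented-out line in the weak sample shows why the parser must skip `;` comments: a hardening line that is present but commented out has no effect.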
 
Thanks to all.

Does Custombuild install fastCGI when you choose php5 as cgi with suphp? I'm not sure; the phpinfo shows:

Server API CGI/FastCGI

I saw the web loads very well.

Thanks again
 