yalov
asked on
Secure php on windows 2003 hosting server.
I want to secure php on windows 2003 server. It come to my mind that someone can upload a file and use it to cross sites and defacing other website.
What is the best approch in to leting site owner to use php no that server but make sure that there will not bee a case of cross sitr defacing.
I want to be able to protect agains a hacking attempt
What is the best approch in to leting site owner to use php no that server but make sure that there will not bee a case of cross sitr defacing.
I want to be able to protect agains a hacking attempt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> .. as a server administrator preavet this things from happening ..
you cannot
all parts --OS, file and process permissions, web server configuration (IIS), application server configuration (PHP), application (PHP-scripts)-- have to take care of each other,
securing the web server is just a second line of defence, securing the os the third line and so on ...
The main culprit is the PHP, I mean the programmers writing vulnerable php scripts.
As server administrator I'd configure php as restrictive as possible (probably also using a patched php, see http://www.hardened-php.net/ )
you cannot
all parts --OS, file and process permissions, web server configuration (IIS), application server configuration (PHP), application (PHP-scripts)-- have to take care of each other,
securing the web server is just a second line of defence, securing the os the third line and so on ...
The main culprit is the PHP, I mean the programmers writing vulnerable php scripts.
As server administrator I'd configure php as restrictive as possible (probably also using a patched php, see http://www.hardened-php.net/ )
ASKER