02 March, 2008

Securing PHP

I already have a machine with SSL/TLS-ready Apache running; now I need to be able to secure PHP, my favourite scripting language ;)

This useful little tutorial uses chroot and mod_security to achieve this.


http://www.securityfocus.com/infocus/1706

I'm testing this in combination with PHP scripting, to make my Web 2.0 applications more secure, and when I'm satisfied with my setup of secured backends, I'll start using PHP in combination with JavaScript and AJAX to make my apps more dynamic with regard to user input and interaction. The whole point of this personal adventure is to maybe develop a content-management system that is a little more resistant to cross-site scripting and SQL injection.

This is made possible by keeping the Apache server and the PHP backend in a chroot jail, additionally secured by mod_security acting as a web firewall that does not allow HTTP headers containing direct script execution or SQL manipulation.

As web security gets more and more focus, I'm inspired to do my part in contributing to safer and more worry-free web environments. I'm not a programming guru, nor am I a security expert, but I understand the principles and concepts, so I just want to do my part as best I can ;)
