How to check a server's security


Frequent hacker attacks show that web security remains the most important issue for anyone who does business on the Internet. Servers are most often the targets of such attacks because of the information they store. For this reason, reliable protection of the server is necessary.

PHP security on Apache



Run the "phpinfo()" function and check the open_basedir line. With this directive you can define the base directory for all users. Once this value is set, they can no longer open files outside this root folder or its subdirectories, for example in "C:\Windows".


If you have a different directory structure, set those directories as the base directory with the www_root command. However, one user will still be able to read and change another user's files. This needs to be prevented.


Unfortunately, the php.ini file has no option that prevents one user from accessing another user's data.

But there is one interesting way if PHP runs under Apache. In "phpinfo()" you will find two columns: "Master Value" and "Local Value". The first is the value from "php.ini". The second is the value that is in effect while the server is running.

If a setting is of minor importance, its value can be changed in a script with the "ini_set()" function. This does not apply to "open_basedir", because this value is critical for security and can be changed only by the administrator.

In Apache, the local open_basedir value can be specified per directory in the "httpd.conf" configuration file.
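A check for the per-site setup described above, as an added example that is not from the original article: for each VirtualHost it reports whether open_basedir is missing, set with php_value instead of mod_php's php_admin_value (which .htaccess and ini_set() cannot override), or wide enough to include another site's DocumentRoot. The sample configuration, paths and finding labels are constructed for illustration; Unix paths with a ':' separator are assumed.

```python
import re
from pathlib import PurePosixPath

# Constructed httpd.conf fragment (not from the page); Unix paths, ':' separator.
SAMPLE_CONF = """
<VirtualHost *:80>
    DocumentRoot /var/www/alice
    php_admin_value open_basedir /var/www/alice:/tmp/alice
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/bob
    php_value open_basedir /var/www/bob
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/carol
    php_admin_value open_basedir /var/www
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/dave
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)
DOCROOT = re.compile(r"^\s*DocumentRoot\s+(\S+)", re.M | re.I)
BASEDIR = re.compile(r"^\s*(php_admin_value|php_value)\s+open_basedir\s+(\S+)", re.M | re.I)

def audit(conf):
    """Return {DocumentRoot: [issues]}; assumes every block has a DocumentRoot."""
    hosts = [(PurePosixPath(DOCROOT.search(b).group(1).strip('"')), BASEDIR.search(b))
             for b in VHOST.findall(conf)]
    findings = {}
    for root, m in hosts:
        issues = []
        if m is None:
            issues.append("no-open_basedir")  # falls back to the php.ini master value
        else:
            if m.group(1).lower() == "php_value":
                issues.append("overridable")  # not locked the way php_admin_value is
            dirs = [PurePosixPath(p) for p in m.group(2).strip('"').split(":")]
            for other, _ in hosts:
                # flag another site's DocumentRoot lying inside this site's allowed tree
                if other != root and any(d == other or d in other.parents for d in dirs):
                    issues.append("reaches:" + str(other))
        findings[str(root)] = issues
    return findings

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_CONF).items():
        print(site, issues or "ok")
```

A site with an empty list is confined to its own tree; confirm the result against the "Local Value" column of phpinfo() for that site.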

Other PHP settings



Use the disable_functions setting in the php.ini file to turn off functions that are potentially dangerous.
Consider each one carefully. Disabling a function means that some scripts will stop working.

Some functions are really dangerous and are usually not required by scripts. Others may be necessary for specific purposes. So do not simply turn off every function that could be dangerous; weigh each decision carefully.

Do not assume that the single setting "safe_mode = On" will be enough. It can turn off some useful functions and still not solve the security concern described above. Safe mode is deprecated in PHP 5.3.0 and is removed in PHP 6.0.0.

Protection problems



There are several mistakes a web developer can make that leave a website unsafe.

For example, if you create a blog and allow users to upload images, this can be a serious danger when the code is written by a beginner. There are several mistakes the programmer can make on the input page, etc. One of the most widespread is failing to block the upload of malicious code.

An important point is that one unsafe website on shared hosting is a threat to the whole server. Installing open source projects such as PHP Nuke can also be risky. Several weak spots have already been found in such projects.

Author: «MirrorInfo» Dream Team