[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php [SOLVED, sorta]



On Oct 15, 2011, at 4:41 AM, Raf Czlonka wrote:

> On Fri, Oct 07, 2011 at 06:24:46PM BST, Glenn English wrote:
>> I don't do php on my web server because I was told of huge security problems in it -- and until I turned off the php interpreter in Apache, I got many break in attempts involving phpAdmin and such.
>> 
>> Do any of you know of a similar package in, say, Perl or Python? Or can anyone convince me that php is safe?
> 
> The system is as safe and secure as its administrator allows it to be.
> Hardly anything is secure out of the box, even the default OpenBSD
> install had two remote holes over the years.
> Scott already gave you the advice you need.
> Rule of thumb: only allow access to the bare minimum from the outside
> world.

Thanks to the list for the advice. 

Since the guy who wants a WordPress site is a friend and an MD who has done a whole lot for me over the past few years, I'm going to allow it on my server -- with the agreement that if any sign of trouble appears, the site and everything having to do with PHP goes.

I've learned a lot in this past week, so I'm going to bypass their "5 minute install" and go with the Debian package and a whole lot of security measures.

> Good luck,

Thanks, and I hope I don't need it...

-- 
Glenn English




Reply to: