[Klug-general] Apache, PHP and MySQL security (Fairly long post!)

MacGyveR macgyver at thedumbterminal.co.uk
Sat Jan 6 22:12:21 GMT 2007


On Saturday 06 Jan 2007 12:08, Allen Brooker wrote:
> Matthew Macdonald-Wallace wrote:
> > Morning all,
> >
> > I'm reading a series of articles on Security Focus by Artur Maj on how
> > to secure Apache, MySQL and PHP whilst keeping them all together.  I'm
> > setting up a secure LAMP box from scratch on my laptop and as usual with
> > these kinds of things, I've come away asking more questions than I
> > started with, so I'm hoping that someone will be able to answer them for
> > me:
> >
> > 1) Which version of Apache do people prefer for business critical
> > systems?  In the article on setting up Apache
> > ( http://www.securityfocus.com/infocus/1694 ), Maj appears to be using
> > Apache 1.3.7, however on the Apache website there are versions for
> > 1.x.x, 2.0.x and 2.2.x.  Is there an "industry standard" at the moment,
> > or is it just a case of what you're comfortable with/stick with what you
> > know?
>
> I'm currently using Apache 2.0. To my knowledge apache1 is considered
> deprecated by the developers and is currently only getting security
> patches. I'm currently using the prefork (apache1 style) MPM on my
> server, but I've always used threaded MPMs on my development machines
> and have never run into any problems with PHP or any of the extensions
> that I've used (although this doesn't mean there aren't any - just none
> I've run into). I haven't tried Apache 2.2 - as far as I know it's
> considered stable by the developers but even Gentoo currently has it
> hard masked, since it's only up to .3 currently (compared to Apache
> 2.0's .59). Today, unless you have a module which you use which is only
> available for Apache 1, or have a specific feature only available in
> Apache 2.2 which you need, I'd recommend using Apache 2.0.

With the threaded MPM, you have to make sure that any Apache modules you use 
are thread-safe, just in case you decide to install third-party ones.


-- 
--------------------------------
http://www.thedumbterminal.co.uk


