[Klug-general] January 2009 Meeting
Laurence Southon
laurence at southon.uk.net
Mon Jan 12 18:16:58 UTC 2009
Mike Evans wrote:
> We should, however, take
> the appropriate steps to ensure that we are not vulnerable to an attack.
> Doing so would seem to be a matter of controlling certain global
> settings for PHP, and checking the provenance of any plug-ins used, and
> perhaps being conservative in the number used.
>
It's also important to ensure that Joomla calls PHP scripts as its own
user and not the Apache2 user (www-data on Debian).
This can be achieved either using suphp or installing Apache2 using the
mpm-itk module rather than the default mpm-worker.
Both methods have pros and cons, so I'd be interested in anyone's
experience/comment on this.
Also vital to keep Joomla up to date. A security fix was announced just
this weekend.
LS
--
Laurence Southon
Tiger Computing, Bexley
www.tiger-computing.co.uk
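
The two approaches named in the message above, sketched as Apache configuration. This is an added example, not part of the original post; the account `joomla`, the path `/var/www/joomla` and the host name are assumptions, and only one of the two options would be enabled on a given server.

```apache
# Added example; the account "joomla", the paths and the host name are assumed.

# Option 1: mpm-itk. Apache handles every request for this virtual host
# as the named user and group, so mod_php runs as that user too.
<VirtualHost *:80>
    ServerName joomla.example.org
    DocumentRoot /var/www/joomla
    <IfModule mpm_itk_module>
        AssignUserID joomla joomla
    </IfModule>
</VirtualHost>

# Option 2: suPHP. Apache itself stays www-data; only the PHP interpreter
# is started under the site's account.
<VirtualHost *:80>
    ServerName joomla.example.org
    DocumentRoot /var/www/joomla
    <IfModule mod_suphp.c>
        suPHP_Engine on
        # Available only when suPHP is built in "force" or "paranoid" mode;
        # an "owner" mode build runs each script as the owner of its file.
        suPHP_UserGroup joomla joomla
    </IfModule>
</VirtualHost>
```

With either option the files under the document root need to be owned by the site account rather than www-data, otherwise the separation has no effect on what a compromised script can write.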