[Nottingham] help with PHP Smarty please

godfrey godfrey at gnnix.co.uk
Fri Mar 14 19:57:38 GMT 2008


Thanks, Graeme, for your kind thoughts. The situation has resolved itself - in 
the direction I had wanted from the outset. The system will be on a dedicated 
machine located in the charity's office, and protected by a firewall. There 
are some members in London who are very familiar with Linux and they will be 
managing it. (And introducing others to the joys of Linux - great!)
So, problem solved.

Regards,

Godfrey


On Tuesday 11 March 2008 11:17 pm, Graeme Fowler wrote:
> On Mon, 2008-03-10 at 21:04 +0000, godfrey wrote:
> > This is for a demonstration only, before the 'powers-that-be' agree to
> > fund a dedicated server.
>
> When they do, please please please don't use mod_php. Make PHP run
> through SuEXEC, suPHP or some other wrapper and consider, if you can,
> developing an SELinux policy template for it. Also look at the Hardened
> PHP project and the Suhosin patchset. Yes, there are execution overheads
> with execute wrappers such as these, and yes, SELinux is a total dog to
> get right, but your trousers are worth the work. mod_php in default
> state is *dreadful* in terms of security - especially with the various
> hacks you may have to put in place to make it work acceptably.
>
> > Would I be so daft as to put live data on a shared system?
>
> I couldn't possibly comment ;-)
>
> G
>
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham



More information about the Nottingham mailing list