Mailing List Archive



Security Hardening . . . . . . . (was Re: [tlug] Host Blocking and Logfile Parsing)



Curt wrote:

> Well, assuming, as I pointed out, that you're not using a script that
> makes the problem worse. 

Learn how to write safe shell scripts. 

> Web applications, especially PHP ones, are notorious for all sorts
> of hacks; you'd probably get more advantage from sandboxing the apps to
> the greatest degree possible. 

Many PHP exploits involve badly written PHP code. 
As with shell scripts, learn how to write safe PHP code. 

Sandboxing is good, but sophisticated web apps need to interact enough 
with the rest of the system that big holes in sandboxing would be needed. 

> Ensure that your web servers' database users have only the minimum
> access necessary to carry out their work. 

Yup. 
More broadly, this is called the principle of least privilege. 

   http://en.wikipedia.org/wiki/Principle_of_least_privilege


