[SATLUG] LAMP Server Question #3
bartonekdragracing at yahoo.com
Wed Oct 8 08:07:43 CDT 2014
There isn't a simple answer to your question. You can secure Apache with various rules in httpd.conf and/or .htaccess, but then your other question asks about PHP and MySQL (or whatever DB). Well, what about secure coding standards? What if you write PHP and it has embedded SQL commands that parse input and bring back results? Nefarious individuals can fart around entering various crap to see how far they can get... SQL injection comes to mind.
You can hide the Apache & OS version from popping up on a 404, get rid of directory listings, disable modules in httpd.conf that you aren't using... there's a lot. I hate to say it, but if you Google "securing apache", there are a ton of hits.
So your answer is two-part: first secure Apache, then PHP, but also don't forget that MySQL has default settings/tables/users that need to be changed/deleted once you install it.
On Tue, 10/7/14, Alan Lesmerises <alesmerises at satx.rr.com> wrote:
--> QUESTION #3:
This server will be for the use of one particular
organization and needs
to be secured against outside parties from 'snooping' or
resources (web sites, etc.) would you recommend for
securing an Apache server in this situation? Also,
with all the
different packages or "projects" sponsored by Apache, which
I make sure are included (and any configuration advice) when
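Added example, not part of the original post: a small audit of an httpd.conf for the three Apache items the reply names (version disclosure, directory listings, unused modules). The sample configuration, the function name and the "needed modules" list are constructed for illustration.

```python
# Constructed sample httpd.conf for illustration; not taken from the thread.
SAMPLE_CONF = """\
ServerTokens Full
ServerSignature On
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule rewrite_module modules/mod_rewrite.so
# LoadModule info_module modules/mod_info.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
"""


def audit_httpd_conf(text, needed_modules):
    """Return (line_number, finding) pairs; line 0 means a directive is absent."""
    findings = []
    seen = set()
    for num, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        seen.add(key)
        if key == "servertokens" and args[:1] not in (["prod"], ["productonly"]):
            findings.append((num, "ServerTokens reveals version/OS detail; set Prod"))
        elif key == "serversignature" and args[:1] != ["off"]:
            findings.append((num, "ServerSignature adds version to error pages; set Off"))
        elif key == "options" and {"indexes", "+indexes", "all"} & set(args):
            findings.append((num, "Options enables directory listings; use -Indexes"))
        elif key == "loadmodule" and args and args[0] not in needed_modules:
            findings.append((num, f"{args[0]} is loaded but not on the needed list"))
    if "servertokens" not in seen:
        # Apache's documented default for ServerTokens is Full.
        findings.append((0, "ServerTokens not set; the default is Full"))
    return findings


if __name__ == "__main__":
    for num, finding in audit_httpd_conf(SAMPLE_CONF, {"rewrite_module"}):
        print(f"line {num}: {finding}")
```

The check reads a single file only; it does not follow Include directives or .htaccess overrides, so run it over each file that contributes to the effective configuration.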