[SATLUG] LAMP Server Question #3
alesmerises at satx.rr.com
Wed Oct 8 23:17:40 CDT 2014
Thanks. Lots of good info.
I haven't designed the database yet, but I think I can avoid the SQL
injection issue altogether since the purpose will be to make updates to
individual data fields in the database, and it won't be open to anyone
other than a select few people that will be authorized to make those
updates. Having said that, I do need to make sure that it doesn't
become a problem if a hacker tries to break in.
On 10/8/2014 8:07 AM, Alex Bartonek wrote:
> There isn't a simple answer to your question. You can secure Apache with various rules in httpd.conf and/or .htaccess, but then your other question asks about PHP and MySQL (or whatever DB). Well, what about secure coding standards? What if you write PHP and it has embedded SQL commands that parse input and bring back results? Nefarious individuals can fart around entering various crap to see how far they can get... SQL injection comes to mind.
> You can hide the Apache & OS version from popping up on a 404, get rid of directory listings, disable modules in httpd.conf that you aren't using... there's a lot. I hate to say it, but if you google "securing apache", there are a ton of hits.
> So your answer is two part... first secure Apache, then PHP, but also don't forget that MySQL has default settings/tables/users that need to be changed/deleted once you install it.
> On Tue, 10/7/14, Alan Lesmerises <alesmerises at satx.rr.com> wrote:
> --> QUESTION #3:
> This server will be for the use of one particular organization and needs
> to be secured against outside parties from 'snooping' or worse. What
> resources (web sites, etc.) would you recommend for setting up and
> securing an Apache server in this situation? Also, with all the
> different packages or "projects" sponsored by Apache, which ones should
> I make sure are included (and any configuration advice) when I install
> Al Lesmerises
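The thread's security point is the "embedded SQL" case Alex raises: a PHP script that builds an UPDATE statement from request input. Restricting the form to a few authorized users limits who can reach it, but the query itself is still built the same way, so the standard control is to fix the SQL text ahead of time and bind the data. The example below is added here and is not code from the thread or from any SATLUG member; the table `members`, the columns, the DSN and the credentials are placeholders. It shows the string-concatenation version beside a PDO prepared-statement version, and it also handles the one thing prepared statements cannot bind, the column name, by checking it against a fixed list, which matters because the poster's use case is updating individual fields.

```php
<?php
// Added example (not from the thread): updating one field of one row from PHP.
// Assumes a hypothetical table `members` with columns id, email, phone, address.
// DSN and credentials below are placeholders; replace with your own.

$dsn  = 'mysql:host=127.0.0.1;dbname=orgdb;charset=utf8mb4'; // placeholder
$user = 'app_user';                                          // placeholder
$pass = 'CHANGE_ME';                                         // placeholder

$pdo = new PDO($dsn, $user, $pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // throw instead of silently failing
    PDO::ATTR_EMULATE_PREPARES => false,                  // let the MySQL server do the prepare
]);

// Vulnerable version, kept only for comparison: request data is pasted into the SQL text.
// A legitimate value such as O'Brien already breaks the statement, and crafted input
// changes what the statement does. Authentication does not change this.
function updateFieldVulnerable(PDO $pdo, string $field, string $value, int $id): void
{
    $sql = "UPDATE members SET $field = '$value' WHERE id = $id";
    $pdo->exec($sql); // do not use
}

// Column names cannot be bound as parameters, so the updatable columns are a fixed list.
const ALLOWED_FIELDS = ['email', 'phone', 'address'];

// Hardened version: the SQL text is fixed before any data arrives; values are bound.
function updateField(PDO $pdo, string $field, string $value, int $id): int
{
    if (!in_array($field, ALLOWED_FIELDS, true)) {
        throw new InvalidArgumentException("field not updatable: $field");
    }
    // $field is safe to interpolate here only because it passed the allowlist check above.
    $stmt = $pdo->prepare("UPDATE members SET `$field` = :value WHERE id = :id");
    $stmt->bindValue(':value', $value, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows affected by the UPDATE
}

// Form handler: validate the id as an integer, pass the field name through the allowlist,
// and bind the value. The login/session check that gates this page is assumed to sit above.
$id    = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$field = (string)($_POST['field'] ?? '');
$value = (string)($_POST['value'] ?? '');

if ($id === false || $id === null) {
    http_response_code(400);
    exit('bad id');
}

try {
    $rows = updateField($pdo, $field, $value, $id);
    echo "updated $rows row(s)";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('bad field');
}
```

Two design notes. Disabling emulated prepares keeps the separation between statement text and data on the MySQL side rather than relying on the PHP driver's escaping. And because MySQL's affected-row count for an UPDATE reports rows actually changed, a return of 0 can mean either "no such id" or "value unchanged"; if the application needs to tell those apart, check for the row first.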