Securing the module and the CGI version of PHP differs somewhat. Most options apply to both the module and the CGI version, but there are some that are only applicable to the CGI version of PHP. I will first discuss the options both installations have in common and then the CGI-specific options.
Common Configuration Options
This configuration option is very handy for automating common tasks, such as connecting to databases, authenticating users, or declaring often-used functions. Chapter 22 (Templates) has more information on the use of this option.
This configuration option is only used when PHP is running in safe mode. When safe mode is in effect, PHP will not parse files outside this directory.
With this option you can turn parsing of PHP scripts by the PHP module on or off on a per-directory or per-virtual host basis. You could combine this with Apache’s AddHandler/Action directives to execute some scripts with the module and other scripts with the CGI version. The CGI version could be running under the suEXEC mechanism. More information on Apache’s suEXEC mechanism can be found later in this chapter.
If you turn parsing of PHP scripts by the module off for a directory that contains PHP scripts, please make sure that access to the scripts is disallowed or that the CGI version will parse these scripts. If you don’t, the source of the scripts will be sent to the browser. If the source contains passwords, this can become a major problem. It is better to be safe than sorry, so check the contents of a directory before you turn the parsing of scripts off.
Set the order in which GET, POST and COOKIE data is parsed. For instance, if you set this to “PG”, POST data will be parsed before GET data, so the GET data will override the data that resulted from the POST and cookies will not be parsed. The default is “GPC”.
Specifies a list of directories where functions such as require, include and fopen will look for files. The format is like the system’s PATH environment variable. In UNIX you use a colon to separate multiple directories, while in Windows you use a semicolon.
In UNIX you would use:
In Windows you would use:
With the use of the open_basedir option you can limit which files can be opened from PHP scripts.
When a script tries to open a file with, for example, fopen or gzopen, the location of the file is checked. When the file is outside the specified directory tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to bypass this restriction with a symbolic link.
If you use a single dot, PHP will only open files in the directory where the script is stored or in any directory below it. You can specify multiple directories, just like you can with include_path.
The default is to allow all files to be opened.
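The check described above, emulated in Python as an added example (it is not code from the book and not PHP's own implementation): the path is resolved through symbolic links before it is compared with the allowed trees, and a flawed compare-as-written variant is shown beside it. The function names and the sandbox layout are assumptions, and the sample files are constructed.

```python
import os
import tempfile

def allowed_roots(open_basedir, script_dir):
    """Split an open_basedir-style list (separated like include_path) into
    resolved directories; a single dot means the script's own directory."""
    roots = []
    for entry in open_basedir.split(os.pathsep):
        if entry:
            roots.append(os.path.realpath(script_dir if entry == "." else entry))
    return roots

def is_inside(path, roots):
    """Resolve symbolic links first, then test containment in an allowed tree."""
    real = os.path.realpath(path)
    return any(os.path.commonpath([real, root]) == root for root in roots)

def naive_is_inside(path, roots):
    """Flawed variant for comparison: checks the path as written, so a link
    stored inside the tree that points outside it is accepted."""
    written = os.path.abspath(path)
    return any(os.path.commonpath([written, root]) == root for root in roots)

def demo():
    """Constructed sandbox: jail/ is the allowed tree, secret.txt lies outside."""
    with tempfile.TemporaryDirectory(prefix="obd_demo_") as tmp:
        base = os.path.realpath(tmp)
        jail = os.path.join(base, "jail")
        os.mkdir(jail)
        secret = os.path.join(base, "secret.txt")
        inside = os.path.join(jail, "ok.txt")
        for name in (secret, inside):
            with open(name, "w") as fh:
                fh.write("sample\n")
        link = os.path.join(jail, "link.txt")
        os.symlink(secret, link)  # the link lives in jail/, its target does not
        roots = allowed_roots(".", script_dir=jail)
        return {
            "inside": is_inside(inside, roots),
            "link_resolved": is_inside(link, roots),
            "link_naive": naive_is_inside(link, roots),
            "outside": is_inside(secret, roots),
        }

if __name__ == "__main__":
    print(demo())
```
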
This allows you to specify the maximum number of seconds a script is allowed to execute. If a script takes longer, the PHP parser terminates it. When not in safe mode, you can use the set_time_limit function to change this setting from a running script. For example, if the script has been running for 10 seconds and the set_time_limit function is called with a value of 30, the script will be allowed to run 40 seconds. Note that the amount of CPU time consumed is not taken into account. Even if the script does nothing for 40 seconds, PHP still terminates it.
By default, a script is allowed to run 30 seconds. If you set the time limit to zero, either using this option or the set_time_limit function, no time limit is imposed on the script.
With the memory_limit option you can limit the amount of memory (in bytes) a script can use. You can only use memory limits if you have compiled PHP with support for it. In contrast to a time limit, you cannot change the amount of memory a script can use from the script itself. It can only be done from the PHP configuration file.
memory_limit = 204800 ; Let the scripts use up to 200 KB of memory
This option turns PHP’s safe mode on or off. When PHP is run in safe mode, PHP will impose several security limitations on scripts.
When safe mode is in effect, PHP will only allow you to execute programs from the specified directory.
MySQL has its own safe mode. If you set this to TRUE, mysql_connect and mysql_pconnect will ignore any host, user and password information you supply. This means you can only connect to the MySQL database as the user the web server is running as.
This specifies where PHP should place files that are being uploaded.
This is the directory PHP will look for scripts in a user's home directory. Normally you will use the value you have also used for the UserDir directive in the Apache configuration (usually public_html), but you could also use other values. For instance, if you set this to public_html/php, then PHP scripts need to be located in the php subdirectory of public_html in order for PHP to parse them.
Database Specific Options
Most of the database modules have several options that may increase the availability of your application. The two most common options are max_persistent and max_links. Check the documentation of the particular database you are using to see which options are supported.
Allows you to set the maximum number of persistent connections a single process can open at any one time. If you set this value to 3 and you have set the number of webservers Apache is allowed to start to 50, you could end up with 150 persistent connections. Please make sure your database can handle this.
Allows you to set the maximum number of database connections a script can have. This includes both normal and persistent database connections. Don’t set this too high, as your database may not be able to handle the sheer volume of connections.
Using Safe Mode
Running PHP in safe mode is a great way of making the use of PHP scripts safer, especially if you allow users to develop and run their own PHP scripts. Turning on safe mode will cause PHP to check a number of things before executing functions that could possibly be a security risk.
Include, ReadFile, Fopen, File, Unlink, RmDir, etc.
The owner of the file to be included must either be the same as the owner of the script running or the directory in which the file resides must be owned by this user.
Exec, System, PassThru, etc.
Programs to be executed must reside in a special directory (the default is /usr/local/php/bin). You can set this value before compiling PHP with the --with-exec-dir option.
This function takes an optional username to use to connect to an MySQL database. When in safe mode, this username must either be the username of the owner of the current file being parsed, or the name of the httpd user (usually nobody).
The numerical user id of the owner of the script containing the HTTP Authentication code will be prepended to the authentication realm. This is to prevent someone from writing a password.
©1998 Wrox Press Limited, US and UK.