[thelist] PHP server security?

Tom Dell'Aringa pixelmech at gmail.com
Tue Jul 18 12:49:10 CDT 2006

Hi folks,

Doing a simple project that is kind of an aside to a main project I am
working on. The CIO guy there is essentially worried that PHP is a security
risk (and even wanted me to use SSI instead). I've been googling for a best
practices document to set up PHP securely, but am not having much luck.

Can anyone either point me to a practical resource (someting other than the
php manual, I do see that much) that kind of lists the best way to set up a
basic apache PHP installation? Failing that, a simple list of what you
suggest would be great. I know there are things on the developer end as
well, so mentioning those or pointing to those would be great too (the only
thing I can recall right now is something about register_globals).

I'm not sure what version of PHP, but assume 5.

Thanks, and please respond directly to me at tom at g mail dot com if you


More information about the thelist mailing list