Securing PHP w/o Secure Code

frankfisher

Hi.

I know keeping security in mind is the first and most important step toward properly stable and secure code. However, my employer wants to offer PHP/MySQL as a platform for our hosting clients.

So, I've been charged with making this safe. We absolutely (lesson learned hard way) cannot trust our clients to write good code. I need to find a way to minimize risk.

Obviously, my knee-jerk reaction was to just audit any code, but that would be resource (time) expensive and still it would be difficult to keep up with every little thing.

Short of mod'ing the source and recompiling is there any way to disable or displace the exec(), system(), etc. functions?

Any info. I can find focusses on writing good code, and rightly so, but my situation makes that less reliable. Any advice would be appreciated greatly.

Thanks,
Frank

"May your error messages forever be explicit" --Coda

drawmack

your first step is to run php in safe mode

after this do not allow the users to change directory permissions

on top of that set up the os and web server such that is someone gets into a users site through a code fracture they do not get into the entire server.

you could also have a program that scours code for unsafe functions and does not implent any script containing them.

frankfisher

Safe mode is exactly what I needed. Thanks a lot.

I think we may implement some simple automatic script checking too.

Frank

"Virtual means never knowing where your next byte is coming from"