PHP is an open-source server-side scripting language, and it is a widely used. The Apache/Nginx/Lighttpd web server provides access to files and content via the HTTP OR HTTPS protocol. A misconfigured server-side scripting language can create all sorts of problems. So, PHP should be used with caution. Here are twenty-five php security best practices for Linux and Unix sysadmins for configuring PHP securely.
Debian 5 php5 package has serious security issues as follows:
To prevent Denial of Service attacks by exhausting the number of available temporary file names, the max_file_uploads option introduced in PHP 5.3.1 has been backported.
There will be no updates after 31-Dec-2007 for PHP 4 version. According to the PHP development team ~ support for PHP 4 will continue until the end of this year only
You can easily upgrade to PHP 5 but please keep it mind that – few old php scripts may not work. Following application does works 100% with PHP 5 and MySQL 5:
a) WordPress blog software
b) Vbulletin and PHPBB forum software
c) Phpmyadmin MySQL admin software
d) Drupal 5.x CMS and many other softwares
This tutorial is intended to give a very basic introduction to using the Zend Framework to write a very basic database driven application.
Zend Framework is a new open source effort aimed at producing a high-quality framework for developing modern, robust, secure web applications and web services in PHP 5.
This tutorial is constantly updated by author.
Download pdf version at Rob Allen’s blog. [English version 83KB]
Also available in Simplified Chinese version, German version, Polish version, and Italian version.
It appears that many people or sys admin want to run php 5 on Red Hat Enterprise Linux. Unfortunately Redhat does not provide this package (RPM file) for RHEL. You can download source code and install php 5 from official php site. This requires compiler collection on your system. Download source code and just follow instructions presented in INSTALL or REDME file.
Another option is search and installs PHP 5 packages. You can download x86_64 PHP 5 package here. Use wget command to download these packages and rpm command to install new packages. But first remove old php4 package using rpm -e command.
Alert: This post is outdated. Please use the latest version of RHEL/CentOS v6.x+ for PHP 5.x. The author no longer support php 5 rpm on RHEL 4.x.
However these rpm packages 64 bit so if you are running 32 bit os rebuild RPM file.
Step # 1: Download src rpm
# cd /tmp
# wget http://www.cyberciti.biz/files/lighttpd/rhel4-php5-fastcgi/php-5.1.4-1.esp1.src.rpm
# rpm -ivh php-5.1.4-1.esp1.src.rpm
Step #2: Rebuild RPM for 32 bit RHEL version
# cd /usr/src/redhat/SPECS
# rpmbuild -bb php.spec
It will take some time to compile and rebuild RPM files.
Step #3: Install new php5 RPM file
Remove old php4 rpm. Go to /usr/src/redhat/RPMS directory and install PHP5 RPM files.
Please note that PHP 5 is not official supported by Red Hat on RHEL 4.0. You are using these packages on your own risk 😉
FastCGI is a language independent, scalable, open extension to CGI that provides high performance without the limitations of server specific APIs. FastCGI provides better scalability and performance. Instead of creating a new process (the CGI program) for every request, FastCGI uses a single persistent process which handles many requests over its lifetime. (See wikipedia article for more information)
Make sure php support fastcgi
Type any one of the following command to verify that php support fastcgi
$ php -v
PHP 5.0.4 (cli) (built: Nov 8 2005 08:27:12) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies
$ php-cgi -v
PHP 5.0.4 (cgi-fcgi) (built: Nov 8 2005 08:25:54) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies
You must get string cgi-fcgi. Next find out full path to php-cgi or php binary:
$ which php-cgi
Open lighttpd configuration file:
# vi /etc/lighttpd/lighttpd.conf
First add the module mod_fastcgi (lighttpd provides an interface to a external programs that support the FastCGI interface via this module). Make sure your server.modules loades mod_fastcgi:
server.modules = ( "mod_access", "mod_accesslog", "mod_fastcgi", "mod_rewrite", "mod_auth" )
Now add following lines to configuration:
fastcgi.server = ( ".php" => (( "bin-path" => "/usr/bin/php-cgi", "socket" => "/tmp/php.socket" )))
Save the configuration and close all the files. Restart the lighttpd:
# /etc/init.d/lighttpd restart
Test your configuration by running php program or application.