Chapter 3. Creating a Secure Environment

In This Chapter

  • Securing the Apache Web server

  • Securing the IIS Web server

  • Configuring PHP securely

Even the most secure Web application can be compromised if it's running in an insecure environment — in the same way that locking your car doors is useless if you leave the windows down.

You can most easily secure your PHP application by making sure it's running on a reasonably secure server. By their very nature, Web servers are inherently insecure because, to serve Web sites, they must allow anonymous access to certain files and applications. However, you can take a few simple steps to prevent malicious users from abusing the open nature of a Web server.

According to the NetCraft survey of September 2007, the two major Web servers, Apache and Internet Information Server (IIS), together served over 85 percent of the Web sites on the Internet. We walk you through securing each server in this chapter. This chapter isn't meant to be exhaustive — we simply don't have the space for that — but it covers some of the most important things you can do to create a secure environment in which your PHP applications can run.
