Important security information
November 10, 2007, 00:27
VS-HS does not use any of the built-in “security” settings in PHP (including features such as Safe Mode), because those functions most often just break applications, which makes them a terrible way to solve security issues.
Most other servers run all PHP under the same user, usually called “nobody”. We believe that is not a good solution, so we decided to run something called suPHP, which runs your PHP scripts under your OWN user (i.e. calle).
However, this requires you to maintain the security of sensitive information such as passwords yourself.
Please check that your file and directory permissions meet the following suggestions.
- Apache needs to be able to read PHP scripts when they are requested from the web. This means that most of your PHP scripts should probably be mode 644 (rw-r--r--: writeable by you, readable by everyone), and should not contain anything sensitive.
- Database passwords and other secrets should be placed in a separate file and included from your PHP script. Since it is executed as your user, that file should have permissions 640.
- Files that PHP scripts need to write to should be mode 664 or 660 (writeable by you and your group). The same applies to directories, which should be mode 775 or 770.
- You should never, ever have any world-writeable (chmod 777, rwxrwxrwx) PHP scripts, or any other files for that matter, unless you want others clobbering your files and using your disk quota; it also exposes you to abuse if another user's PHP script is compromised.
We run regular checks for world-writeable files and fix their permissions, but it is better if it is done properly from the start, since our permission changes can break your (badly written) PHP scripts.
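As an added example (not part of the original post or of VS-HS's tooling), a small POSIX shell audit that applies the rules above to a directory tree. It assumes GNU stat (`stat -c %a`) and a constructed naming convention where included secrets live in files named `*config.php` or `*.inc.php`.

```shell
#!/bin/sh
# Added example, not from the original post: audit a web root against the
# permission rules listed above. Assumes GNU stat ("stat -c %a") and a
# constructed convention that secrets live in *config.php / *.inc.php files.

# Octal permission bits of a path, e.g. 644.
mode_of() { stat -c '%a' "$1"; }

# check_path PATH: print a finding and return 1 if PATH breaks a rule.
check_path() {
    p=$1
    m=$(mode_of "$p")
    other=$(( m % 10 ))                      # the "everyone else" digit
    if [ $(( other & 2 )) -ne 0 ]; then      # write bit set for the world
        echo "WORLD-WRITABLE: $p ($m)"; return 1
    fi
    case $p in
        *config.php|*.inc.php)               # included secrets: 640 only
            [ "$m" = 640 ] || { echo "SECRET NOT 640: $p ($m)"; return 1; } ;;
        *.php)                               # web-facing scripts: 644
            [ "$m" = 644 ] || { echo "SCRIPT NOT 644: $p ($m)"; return 1; } ;;
    esac
    return 0
}

# audit_tree DIR: one finding per line for every file and directory under DIR.
audit_tree() {
    find "$1" \( -type f -o -type d \) -print | while IFS= read -r f; do
        check_path "$f" || :
    done
}

# violation_count DIR: number of findings, as a plain integer.
violation_count() { audit_tree "$1" | wc -l | tr -d ' '; }

# build_sample DIR: constructed demo tree (sample data, not real files).
build_sample() {
    mkdir -p "$1/uploads" && chmod 775 "$1/uploads"
    : > "$1/index.php";     chmod 644 "$1/index.php"      # ok
    : > "$1/config.php";    chmod 640 "$1/config.php"     # ok
    : > "$1/db.inc.php";    chmod 644 "$1/db.inc.php"     # secret readable by all
    : > "$1/bad.php";       chmod 777 "$1/bad.php"        # world-writable script
    : > "$1/uploads/a.txt"; chmod 664 "$1/uploads/a.txt"  # ok, group-writable
}

# Stand-alone demo: expect two findings (db.inc.php and bad.php).
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); build_sample "$d"; audit_tree "$d"; rm -rf "$d"
fi
```

Run it with `sh audit.sh --demo` to see the two findings from the constructed tree, or call `audit_tree /path/to/webroot` against a real directory.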