The MT-Soft blog has posted a (basic but full of great info) new guide on ensuring that your PHP installation is a very secure place for your application to live.
This article shows the basic steps in securing PHP, one of the most popular scripting languages used to create dynamic web pages. In order to avoid repeating information covered in the previous article, only the main differences related to the process of securing Apache will be described.
They've broken it up into a few different sections:
- System they'll be using (operating system, functionality assumed, security assumptions)
- Preparing the software
- Installing PHP
- Chrooting the server
- Configuring PHP
- Protecting against CSS and SQL injection attacks
Check out the full tutorial to fill in the blanks of this outline.