
Anson Cheung's Blog:
Top 10 PHP Best Security Practices for Sys Admins
Jan 30, 2012 @ 20:52:26

In this recent post to his blog Anson Cheung provides a set of helpful hints for sysadmins to follow when installing (or just securing) the PHP installations on their systems.

PHP is widely used for various kinds of web development. However, misconfigured server-side scripting would create all sorts of problems. And here are PHP security best practices that you should be aware of when configuring PHP securely. Nowadays most of the web servers are operated under a Linux environment (like Ubuntu, Debian, etc.). Hence, in the following article, I am going to list the top 10 ways to enhance PHP security best practices under a Linux environment.

His tips include:

  • Reducing the built-in PHP modules
  • Logging all PHP errors
  • Disabling remote code execution
  • Disabling dangerous PHP functions
  • Write protection on Apache, PHP & MySQL configuration files
tagged: sysadmin security install tip bestpractices configuration


Kyle Brandt's Blog:
Should Developers have Access to Production?
Aug 06, 2010 @ 18:56:39

In an interesting post to his blog Kyle Brandt asks a question universally debated by system administrators everywhere - should developers have access to production?

A question that comes up again and again in web development companies is: 'Should the developers have access to the production environment, and if they do, to what extent?' My view on this is that as a whole they should have limited access to production. A little disclaimer before I attempt to justify this view is that this standpoint is in no way based on the perceived quality or attitude of the developers - so please don't take it this way.

He talks about common excuses from developers like "we've had access before" and "we need access to troubleshoot" as well as some of the process that restricting access could create. He touches on a few other issues including developer concerns vs. those of the sysadmin, change control issues and the responsibilities of the system administrators if they want to allow the developers to poke around their servers.

Be sure to check out some of the other great suggestions in the comments too!

tagged: developer access production sysadmin system administrator opinion


Community News:
phpBB & phpMyAdmin Win at SourceForge Community Choice Awards
Aug 06, 2007 @ 16:06:00

As mentioned by the php|architect website, the results are in for the Community Awards competition SourceForge was hosting for the year and two PHP-based projects made the list - phpBB and phpMyAdmin.

The Community Choice Awards are over! The SourceForge.net 2007 Community Choice Awards provided you an opportunity to recognize projects that stand taller than the rest. Everybody got to vote, and everybody’s vote counted equally. The winning projects, each with superlative quality, productivity, and ingenuity, represent the cream of the crop on SourceForge.net.

phpBB made the cut in the "Best Project for Communications" category and phpMyAdmin won in the "Best Tool or Utility for SysAdmins". Congratulations to both projects on your achievement!

tagged: sourceforge community choice award communication sysadmin utility

Job Posting:
Neverblue Media Seeks an Intermediate Developer/Systems Administrator (Victoria, BC)
Jun 04, 2007 @ 19:32:00

Company: Neverblue Media, Inc.
Location: Victoria, BC
Title: Intermediate Developer/Systems Administrator

Summary

As the successful applicant, you have a mixed skill set consisting of both Linux systems administration and PHP software development. You have experience deploying, administering and maintaining Linux-based web and database servers. You are able to design and build dynamic database-driven web applications using open source resources. You are eager to work in a results-driven environment and have excellent verbal and written communication and documentation skills.

Key Accountabilities

  • Development
    • PHP development of PostgreSQL and MySQL database driven web applications in a Linux environment
    • Support and refine existing web applications
  • Systems
    • Linux server administration supporting the following applications:
      • Apache
      • MySQL and PostgreSQL
      • Asterisk PBX
    • Working with the Sr. Systems Administrator to maintain office network infrastructure including:
      • Firewalls
      • Development servers
      • Exchange
      • Open LDAP
      • Asterisk phone system
      • XP and Ubuntu user workstations
  • Team Support
    • Receiving and responding to technical questions and providing support to non-technical team members in a respectful, accurate and thorough manner
    • Communicating regularly with the Manager of Technology to ensure complete understanding of how projects and tasks are to be prioritized

Required Skills and Experience

  • Minimum 2-3 years dynamic web site development applications/programming experience in PHP, working in a Linux environment
  • Experience with HTML, CSS, and JavaScript with clean HTML and form design layout
  • Strong database knowledge using MySQL and/or PostgreSQL
  • Experience administrating Apache web servers (SSL, vhost, 10+ million hits/day)
  • Understanding of common network security exploits and their remedies
  • Understanding of NFS and Samba file services
  • Excellent verbal and written communication skills and the ability to clearly report to managers and to coordinate well with other technical and business development team members

Preferred Skills and Experience

  • Knowledge of SIP VoIP systems a strong asset, particularly Asterisk PBX systems
  • SQL application and database performance tuning
  • Experience administrating a Linux, Red Hat or Fedora network
  • Subversion
  • Hardware and software RAID
  • Geo-IP/DNS

To apply, please email cover letter and resume referencing "Intermediate Developer/Systems Administrator" outlining why you want to join the Neverblue Media team and salary expectations to: careers@neverbluemedia.com.

We would like to thank all applicants for your interest; however, only candidates selected for an interview will be contacted.

Recruitment for this position will be ongoing until we find the most suitable candidate.

tagged: job post developer sysadmin victoria bc

Christian Wenz's Blog:
SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
Nov 27, 2006 @ 16:03:00

In a new post on his blog, Christian Wenz mentions the latest results of the SANS Institute's Top 20 Internet Security Attack Targets list, which includes both a new entry ("Users") and several mentions of PHP and PHP-related applications.

Of course you can debate how such a Top list came together and what the real value behind that is, but there are two specific points in this year's list that I found quite interesting.

There are two targets for the PHP community to worry about - sysadmin/hosting and things developers need to keep in mind. Items on these lists include:

  • Always test and deploy patches and new versions of PHP as they are released
  • Use Intrusion Prevention/Detection Systems to block/alert on malicious HTTP requests. Consider using Apache's mod_security to block known PHP attacks
  • If you use PHP, migrate your application to PHP 5.2 as a matter of urgency.
  • Encode all output using htmlentities() or a similar mechanism to avoid XSS attacks
You can check out the full information over on the SANS Institute website.

tagged: sans institute top20 internet security attack target sysadmin hosting developer

SitePoint PHP Blog:
The sysadmin view on "Why PHP"
Jan 12, 2006 @ 12:42:35

On the SitePoint PHP Blog today, Harry Fuecks takes a look at why PHP from a sysadmin's perspective.

A funny from the Python crowd: phpfilter—PHP "support" under CherryPy. There is a serious side to that though—it's spitting out something that looks like a PHP parse error—i.e. this is a developer problem (e.g. someone ftp’d a PHP straight onto their live web server for “testing”), not a runtime error.

More to the point, when was the last time you saw a PHP runtime error take down an entire application or web server? And no - "MySQL Connection Failed: Can't connect to local MySQL server" doesn’t count—PHP and the web server are still running—the MySQL server (or otherwise) is to blame.

He also looks at a slightly different method for serving up web applications - with FastCGI. He talks about the basic features of a server (forking, threading, asynchronous I/O) and how that explains how we've ended up with PHP being the "lesser of the evils"...

tagged: sysadmin view why use fastcgi threading forking asynchronous I/O
