560 Part III Advanced Features and Techniques
February 4, 2007 on 3:22 pm | In php | No Comments

Most users today who use PHP's CGI mode are interested in using it as a standalone binary, similar to Perl, rather than for Web development. If this is the case, safe mode is probably beside the point.

--enable-safe-mode
Safe mode was originally designed for, and is still very strongly recommended for, users of the CGI version of PHP, especially in a shared-server environment. Module users generally do not use safe mode, although it's theoretically possible. Safe mode basically does three things:

- It limits PHP parsing to files in a specified directory.
- Even within that directory, it prevents PHP from reading files that are owned by a user other than the one running the PHP process.
- It limits PHP to executing only external programs in a specified directory, such as /usr/local/bin.

Remember that "user" in this formulation means the PHP user rather than a system user.

The increased security of safe mode comes at a cost, and that cost is inconvenience. Inconvenience is probably the number-one reason that people do insecure things in the first place, which leaves us right back where we started.

In general, if you lack root access on the server, you can forget about using safe mode. The exception is if your ISP has set you up with a CGI version of PHP running under individual UIDs with suExec or a functional equivalent. It's next to impossible to switch file ownership between a real Unix system user and Nobody without becoming the superuser once in a while.

Apache's suExec feature, which allows CGIs to be run under user IDs different than that of the httpd, is not compatible with PHP safe mode. You must choose one or the other, as your PHP binary will get dumped to the browser if you try to use both.

The safe mode restriction on executing programs is intended to limit access to system utilities. PHP can still connect to certain programs that are already running, regardless of their location or user, such as a database server or mail server, because it's talking to a port rather than running a program.

The main Apache configuration directive related to safe mode is DocumentRoot. Remember that under safe mode you can't include or require files from outside this directory, so set it at a high enough level. You can alternatively set the PHP document root in php.ini by means of the doc_root variable; you may choose to do it this way if, for instance, only part of your site is PHP-enabled.

Configuration directives in php.ini related to safe mode include safe_mode=on/off and safe_mode_exec_dir. (You need to set the latter only if you want to change from /usr/local/bin to something else.) You can also use include_path to specify particular subdirectories within your document root directory only for your include files.

Safe mode cannot be enabled or disabled in Apache's per-directory .htaccess files. Changes related to safe mode must be made in the main Apache configuration file, httpd.conf, or in php.ini as described previously.

The function set_time_limit() cannot be used in safe mode. You must depend on the global configuration directive max_execution_time in php.ini instead.
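The following is an added example, not code from the book: a read-only audit script that checks the php.ini directives this section names (safe_mode, safe_mode_exec_dir, doc_root, include_path, max_execution_time) and reports anything that undercuts the intent described above. It assumes it is served once as a temporary script through the web server and then deleted; the 30-second ceiling is an illustrative assumption, not a value the book prescribes.

```php
<?php
// Added example, not code from the book: a read-only audit of the php.ini
// directives discussed in the safe mode section. Serve it once as a temporary
// script through the web server (the CLI SAPI reports different settings), read
// the findings, then delete it, for the same reason the chapter warns about
// leaving phpinfo() around. The 30-second ceiling is an illustrative assumption.

function ini_flag($name)
{
    // php.ini booleans come back from ini_get() as strings such as "1" or "On".
    $v = strtolower((string) ini_get($name));
    return in_array($v, array('1', 'on', 'true', 'yes'), true);
}

function audit_safe_mode_ini()
{
    $findings = array();

    if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
        // safe_mode and safe_mode_exec_dir were removed in PHP 5.4.
        $findings[] = 'safe_mode: not available on PHP ' . PHP_VERSION
                    . '; use open_basedir, disable_functions and per-user processes instead';
    } elseif (!ini_flag('safe_mode')) {
        $findings[] = 'safe_mode: off (the section recommends it for CGI builds on shared hosts)';
    } else {
        // The exec directory defaults to /usr/local/bin; if the PHP user can write
        // there, the restriction on executing programs is meaningless.
        $exec = ini_get('safe_mode_exec_dir');
        if ($exec === '' || $exec === false) {
            $exec = '/usr/local/bin';
        }
        if (is_writable($exec)) {
            $findings[] = "safe_mode_exec_dir: $exec is writable by the PHP user";
        }
    }

    // doc_root in php.ini, or DocumentRoot in httpd.conf, bounds include/require.
    $docRoot = ini_get('doc_root');
    if ($docRoot === '' || $docRoot === false) {
        $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
    }
    $docRoot = rtrim($docRoot, '/');
    if ($docRoot === '') {
        $findings[] = 'doc_root: unset or "/", so include/require is not bounded to a directory';
    }

    // include_path entries should be subdirectories of the document root.
    foreach (explode(PATH_SEPARATOR, (string) ini_get('include_path')) as $dir) {
        if ($dir === '' || $dir === '.' || $docRoot === '') {
            continue;
        }
        if (strpos($dir, $docRoot . '/') !== 0) {
            $findings[] = "include_path: $dir lies outside the document root $docRoot";
        }
    }

    // set_time_limit() is unusable under safe mode, so max_execution_time is the only cap.
    $limit = (int) ini_get('max_execution_time');
    if ($limit === 0 || $limit > 30) {
        $findings[] = "max_execution_time: $limit (0 means unlimited)";
    }

    return $findings;
}

header('Content-Type: text/plain');
foreach (audit_safe_mode_ini() as $finding) {
    echo $finding, "\n";
}
```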
559 Chapter 30 Configuration
January 25, 2007 on 8:32 pm | In php | No Comments

To learn more about XML-based Web services and PHP, see Chapter 41.

--with-dom[=DIR]
This flag builds with DOM XML support, using the GNOME xml library (a.k.a. libxml, gnome-xml). The DIR path should point to your libxml installation; if you don't set this value, it defaults to /usr. You can download and learn more about GNOME xml from www.xmlsoft.org/.

Very common shared libraries, such as libjpeg, can cause fatal problems at PHP compile time even if you correctly set the directory paths in all the compile-time flags. Common issues include PHP looking for the files in the wrong place, incorrect versions of these libraries already being installed on your machine, or libraries having been built in a form inaccessible to PHP.

The solution to most of these problems is to upgrade all such shared libraries to the latest version. However, if your client applications are old, this may break them. A possible workaround is to temporarily rename the installed versions of your shared libraries so they cannot be found by PHP; compile the new versions in different locations; compile PHP using these directory paths; then rename your old versions to their original names. Take good notes if you try this!

--enable-bcmath
This option builds support for arbitrary-precision mathematics from a bundled library. You can set the number of decimal places in php.ini.

--enable-calendar
This option builds support for calendar conversion functions (for example, Jewish to Julian) from a bundled library.

--with-config-file-path=DIR
This option allows you to specify the location of your php.ini file. You need to use it only if you've deliberately moved it away from the default location, /usr/local/lib.

--enable-url-includes
This option allows you to include or require and execute files from remote HTTP or FTP servers, like this: include("http://remotehost/include.php"). This functionality should be carefully considered, as it has horrible security implications. If you merely want to read in HTML files from other servers, you do not need this flag.

--disable-url-fopen-wrapper
This flag turns off the default capability to open files on remote HTTP and FTP servers, like this: fopen("http://remotehost/include.php").

CGI compile-time options
All compile-time options just described are available for the CGI version, except for the module-specific flags (for example, --with-apache, --with-apxs).
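As an added example (not from the book), here is how an include of a request-selected page can be kept local even on a build with --enable-url-includes: the request value is looked up in a fixed allowlist and the resolved path is checked to lie under the document root, so an "http://..." value is never handed to include(). The page names, the pages directory and the $_GET parameter are assumptions.

```php
<?php
// Added example, not from the book: an include helper that stays safe even on a
// build configured with --enable-url-includes. Passing a request value such as
// $_GET['page'] straight to include() would let a remote "http://..." path be
// fetched and executed; instead, the request is resolved against a fixed
// allowlist of local files. PAGE_DIR, the page names and the query parameter
// are assumptions for the example.

define('PAGE_DIR', __DIR__ . '/pages');   // assumed location of includable fragments

// Allowlist: request key => file under PAGE_DIR. Anything not listed is refused.
$ALLOWED_PAGES = array(
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
);

function resolve_page($requested, array $allowed)
{
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return null;   // unknown key: include nothing rather than guess
    }
    $path = realpath(PAGE_DIR . '/' . $allowed[$requested]);
    $base = realpath(PAGE_DIR);
    // realpath() resolves any "../" and returns false for non-files such as URLs;
    // the prefix test keeps the result inside PAGE_DIR even if the allowlist is
    // edited carelessly later.
    if ($path === false || $base === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$page = isset($_GET['page']) ? $_GET['page'] : 'home';
$file = resolve_page($page, $ALLOWED_PAGES);
if ($file === null) {
    header('HTTP/1.0 404 Not Found');
    echo 'No such page.';
    exit;
}
include $file;
```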
558 Part III Advanced Features and Techniques
January 22, 2007 on 11:36 pm | In php | No Comments

Table 30-1 (continued)

Database Name         Default Directory        Flag Syntax
PostgreSQL            /usr/local/pgsql         --with-pgsql[=DIR]
SAP DB                /usr/local               --with-sapdb[=DIR]
Solid*                /usr/local/solid         --with-solid[=DIR]
Sybase                /home/sybase             --with-sybase[=DIR]
Sybase-CT             /home/sybase             --with-sybase-ct[=DIR]
SQLite                Bundled                  --with-sqlite

The databases marked with an asterisk use ODBC-based interfaces. These ODBC choices are mutually exclusive; you must limit yourself to a maximum of one.

Each database mandates slightly different configuration options in php.ini or other configuration files. Oracle, for example, has its own environment variables that obviate PHP settings. Sybase, Oracle, and some other databases escape single quotes with single quotes, which requires the magic_quotes_sybase option in php.ini. MySQL allows you to specify a default hostname, username, and password, not at all a good idea unless you understand the security implications! Most of these options are standard and self-explanatory, however, and they have little effect on other parts of PHP.

--with-mcrypt[=DIR]
This flag builds in the mcrypt library, which includes many of the most popular open cipher algorithms. mcrypt is available for download at http://mcrypt.sourceforge.net/. There is no documented default directory, although PHP can probably find the one mentioned in the libmcrypt documentation. libmcrypt must be compiled with the --disable-posix-threads option. See Chapter 29 for more information on using PHP's cryptography capabilities.

--with-java[=DIR]
This flag builds Java support into PHP. The DIR path should be set to the location of your JDK, and the Java settings in php.ini must all be set correctly. This extension cannot be used with a static Web server build (for example, --with-apache), and this flag will probably not work correctly with Solaris versions of PHP and Java. Please see the Java extension README in /php_[build_directory]/ext/java for more information.

There is an alternate method of accessing Java from PHP: integrating PHP into a Java Servlet environment using a SAPI module. You might want to do this if you use Java extensively, as it is the more efficient method. If you choose the servlet integration method, you do not need this extension. See Chapter 39 for more on using Java with PHP.

--with-xmlrpc
This flag builds Dan Libby's XML-RPC and SOAP implementation into PHP. The XML-RPC package now comes bundled with PHP, so you do not need to specify a directory.
557 Chapter 30 Configuration
January 20, 2007 on 3:22 pm | In php | No Comments

the default choice. If you forget this (or the --with-apxs) flag when trying to make a static Apache module, you will end up with the CGI version.

You almost certainly want to set the Apache base directory parameter because make may default to some unexpected location. Remember that Apache installs in different default directories in the source versus RPM builds, so if you've previously installed an httpd via RPM (perhaps as part of a Red Hat Linux installation), you should uninstall the package and leave a clean background for the source build you need now.

A static Apache build will have to be recompiled every time you change PHP versions. Apache server, at this point, changes rather slowly, whereas PHP adds new extensions and releases patches rather frequently, so this may be a significant factor in choosing the apxs build instead.

--with-apxs[=DIR] or --with-apxs2[=DIR]
This flag specifies that the PHP module be built as a dynamic Apache module. This saves disk space for Apache, and some people claim the build is easier. The main value of the apxs build is that you will be able to swap PHP modules (while upgrading, for instance) without recompiling Apache. If you upgrade frequently, or if you enjoy trying out experimental builds, this is the best option.

Remember that you can build PHP with either the --with-apache or --with-apxs flags, not both.

--with-[database][=DIR]
All the databases supported by PHP use a similar compile-time flag. The directory need only be specified if it is not the default installation directory. For more information on choosing a database for use with PHP, see Chapter 12. The specific flags and default directories are listed in Table 30-1.

Table 30-1: Database Compile-Time Information

Database Name         Default Directory        Flag Syntax
Adabas D*             /usr/local               --with-adabas[=DIR]
DBase                 bundled                  --enable-dbase
Filepro               bundled                  --enable-filepro
IBM DB2               /home/db2inst1/sqllib    --with-ibm-db2[=DIR]
Informix              no default               --with-informix[=DIR]
iODBC*                /usr/local               --with-iodbc[=DIR]
mSql                  /usr/local/Hughes        --with-msql[=DIR]
MySQL < 4.1           /usr/local/mysql         --with-mysql[=DIR]
MySQL 4.1 and above   /usr/local/mysql         --with-mysqli[=DIR]
Oracle                ORACLE_HOME              --with-oci8[=DIR]
(Continued)
556 Part III Advanced Features and Techniques
January 17, 2007 on 5:00 pm | In php | No Comments

In fact, the truth is that the PHP build for Windows (the so-called manual installation, not the installer version) now offers almost all the functionality of Unix builds with much less effort. Windows users only need to worry about the variables that can be set with the php.ini file, not all of which are applicable to Windows versions of PHP anyway. If you only use PHP on Windows, feel free to skip down to the "The php.ini file" section of this chapter, with a glance at the "Apache configuration files" section if you run on Apache.

Unix users have a more specific palette of options. To take full advantage of this power, you need to clearly understand the various means by which you can analyze and control your PHP installation. The three most important on the Unix side are:

- Compile-time options
- Web-server configuration files
- The php.ini file

A few things can also be controlled with runtime options, system settings, or the presence/absence/configuration of other software packages.

Compile-time options
During the configure/make process, PHP allows you to specify a number of specific flags. This causes the appropriate extensions to be built into your custom version of the PHP module or binary. None of the information in this section is relevant if you are running a precompiled binary (for example, Windows, Mac OS X, or rpm build).

It's important to understand that most compile-time options are merely necessary preconditions for using a particular function set, but that this capability can still be turned on or off, or important configuration options set, in the php.ini file. The compilation step and the configuration file work together. Think of it this way: You must compile with the flag to use the functionality, but you needn't use the functionality just because you compiled with the flag.

If you fail to employ the appropriate compile-time option, you get an undefined-function fatal error. This error is almost never seen outside of user-defined functions for any other reason, so it should be considered a red flashing light that you need to check your compilation options. Thankfully, you can retrieve your previous options with phpinfo() and then simply add the new features you want, should a recompile ever be necessary.

Most compile-time options are pretty self-explanatory. You merely install the required libraries, build PHP with the --with-[library][=DIR] flag and, in some cases, set a configuration option in php.ini. In the following sections, we will mention only common cases that require special treatment of some kind.

Remember that all third-party servers and libraries that you plan to use with PHP must be downloaded and installed before you attempt to build PHP. This means the Web server, a database server, mail and LDAP servers, XML, encryption, graphics, and bcmath libraries must all be in place before PHP.

--with-apache[=DIR] or --with-apache2[=DIR]
This flag causes PHP to be built as a static Apache module. You must use --with-apache2 if you've ventured into the newest Apache series. Even though the Apache module version is now by far the most popular build, the PHP developers have chosen to leave the CGI build as
Chapter 30: Configuration
January 14, 2007 on 11:22 pm | In php | No Comments

In This Chapter
- Viewing environment variables
- Understanding PHP configuration
- Improving PHP performance

In this chapter, we discuss the many configuration options available with PHP, particularly the Unix Apache module version, in some detail. The goal is for you to better understand the tradeoffs of each capability you may enable or disable and how they may affect each other. We also touch on ways you can measure and improve the performance of your PHP scripts.

Viewing Environment Variables
To see any of the settings discussed in the following section, you have only to use the phpinfo() function in a valid PHP script. This function begins with a quick recap of the PHP version, your platform, date of build, and compile-time options; it then moves methodically through your PHP settings. You will also see some information about your Web server settings and environment variables.

The output of the phpinfo() function is a potential bonanza for crackers, so you shouldn't leave it sitting around on a production server.

Understanding PHP Configuration
Like most of the best open source software packages, PHP is highly configurable. It's left up to you, the individual PHP user, to find your own balance among the competing virtues of power, flexibility, safety, and ease of use.

Configuration is difficult to describe fully because there are so many possible combinations of options, about 25 factorial combinations, as a matter of fact. In some cases, there is an obvious conflict between two configuration directives; you simply have to choose one or the other, end of story. In other cases, you can have both but may need to remember some workarounds. We try to point out as many of these implications as we can, but no one can honestly claim to have tested every possible combination.

Since the launch of PHP4, the development group has made a truly Herculean effort to bring the Windows build up to the same level of functionality as Unix users have always enjoyed. The Windows version of PHP now ships with the most popular extensions (for example, MySQL) compiled in and a startling number of shared libraries (.dlls) bundled with PHP itself. Many of these libraries have to be built from Unix source, so this effort represents a truly amazing amount of unremunerated, thankless work from the PHP build team.
553 Chapter 29 Security
January 12, 2007 on 6:36 am | In php | No Comments

- Minimize the damage. Where possible, make sure that the damage possible from a particular type of security breach is minimal. Encrypt sensitive data. If you run your own Web server, make sure it is running as a dummy user.
- Finally, if you run your own server, spend some time breaking into it. If you're successful, then you've identified a vulnerability that you can patch before an intruder finds it. If you're unsuccessful, you've learned something about your server, and your security precautions have weathered a good test. If you don't run your server, find out who does, and see what he or she can tell you about your site's security.
552 Part III Advanced Features and Techniques
January 9, 2007 on 2:31 pm | In php | No Comments

FYI: Security Web Sites
If you are losing sleep after reading this chapter, fear not. Every administrator and site designer around the world is grappling with the same issues, and there is a strong feeling of solidarity among computer security professionals. Many Web sites are devoted to computer security, and almost all of them contain full descriptions of recent security incidents and ways to protect your system from duplicate attacks. Some are designed for security professionals, whereas others have the cracker in mind. Either way, the information they provide is useful and often very interesting. Begin your explorations by checking out these sites:

- Computer Emergency Response Team (CERT) (www.cert.org/): CERT is one of the most popular repositories of official descriptions of security incidents. It publishes advisories on all sorts of security issues, including very clear descriptions of the problem, vulnerable systems, and possible solutions.
- Security-focus.com (www.securityfocus.com/): Security-focus.com provides a great deal of information on all aspects of computer security, from the legal and political to the technical. It also hosts the well-known security mailing list, BugTraq (which can be found under Forums).
- Rootshell (http://rootshell.com/): Rootshell is a well-respected site that contains fairly technical descriptions of many, many security vulnerabilities, including detailed descriptions of how to exploit the vulnerability, as well as instructions on removing the vulnerability.
- Insecure.Org (http://insecure.org/): Insecure.Org is a fairly well-established site that is not afraid to make cracking tools available and to discuss the nitty-gritty details of many exploits. This site can be extremely useful if you want to try to break into your own site.
- L0pht Heavy Industries (http://www.l0pht.com/index.html): L0pht is another on-the-edge site, run by people who crack into machines for a living. They are paid to do this in the hopes that they can find a vulnerability before someone with malicious intent does, and they report what they've done on this site and others. The site also contains lots of interesting opinions on its soapbox.

Summary
For any significant Web site, security is a crucial part of the site's implementation. You should take extreme care to secure your server from attack and also be sure to protect your visitors' private information from prying eyes. In a time of enormous growth for online businesses, publication of a story about a major security breach can destroy visitors' confidence in your site, driving them to the competition and possibly leaving your site to evaporate as quickly as it appeared.

In this chapter, we've driven home three basic lessons:

- Don't trust the network. Every byte of data that comes from the Internet should be treated as potentially hazardous. Be as restrictive as possible in defining the inputs you allow. Prefer the solution that lists the acceptable inputs to the one that lists the unacceptable inputs. Be sure that your Web server configuration does not allow clients to view your source code or to work around your access restrictions.
551 Chapter 29 Security
January 7, 2007 on 4:33 am | In php | No Comments

    $key = get_user_key($username);
    $encr_hash = mcrypt_cbc(MCRYPT_BLOWFISH, $key, $hash, MCRYPT_ENCRYPT);
    $sfp = fopen($sig, 'rb');            // open the signature file for reading
    $sig_data = fread($sfp, $sig_size);  // read from the handle, not the file name
    fclose($sfp);
    if ($encr_hash != $sig_data) echo
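The same check the listing above performs (does the stored signature file match a keyed digest of the document under this user's key?) is shown below as an added example, not the book's code, using hash_hmac() and hash_equals() rather than encrypting a hash with mcrypt_cbc() and comparing with !=. The mcrypt extension was removed from PHP core in 7.2, and != is a loose, non-constant-time comparison. get_user_key(), its sample key and the temporary file names are assumptions for the example.

```php
<?php
// Added example, not the book's listing: verify a document against a signature
// file holding an HMAC under the user's key. Requires PHP 5.6+ for hash_equals().
// get_user_key() and the key it returns are constructed stand-ins.

function get_user_key($username)
{
    // Stand-in for the book's key lookup; a real store would be protected.
    $keys = array('alice' => 'constructed-example-key-do-not-reuse');
    return isset($keys[$username]) ? $keys[$username] : null;
}

function make_signature($key, $document_path)
{
    // HMAC-SHA256 over the file bytes; raw binary output keeps the file compact.
    return hash_hmac('sha256', file_get_contents($document_path), $key, true);
}

function verify_signature($username, $document_path, $sig_path)
{
    $key = get_user_key($username);
    if ($key === null || !is_readable($document_path) || !is_readable($sig_path)) {
        return false;
    }
    $expected = make_signature($key, $document_path);
    $sig_data = file_get_contents($sig_path);
    // hash_equals() runs in constant time and never coerces types; != would treat
    // the numeric strings "1e3" and "1000" as equal and would stop at the first
    // differing byte, leaking timing information.
    return hash_equals($expected, $sig_data);
}

// Demonstration on constructed files in the system temp directory: the first
// verification passes, the second fails after the document is altered.
$doc = tempnam(sys_get_temp_dir(), 'doc');
$sig = tempnam(sys_get_temp_dir(), 'sig');
file_put_contents($doc, "constructed document body\n");
file_put_contents($sig, make_signature(get_user_key('alice'), $doc));
var_dump(verify_signature('alice', $doc, $sig));
file_put_contents($doc, "tampered document body\n");
var_dump(verify_signature('alice', $doc, $sig));
unlink($doc);
unlink($sig);
```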