On Oct 15, 2011, at 4:41 AM, Raf Czlonka wrote: > On Fri, Oct 07, 2011 at 06:24:46PM BST, Glenn English wrote: >> I don't do php on my web server because I was told of huge security problems >> in it -- and until I turned off the php interpreter in Apache, I got many >> break in attempts involving phpAdmin and such. >> >> Do any of you know of a similar package in, say, Perl or Python? Or can >> anyone convince me that php is safe? > > The system is as safe and secure as its administrator allows it to be. > Hardly anything is secure out of the box, even the default OpenBSD > install had two remote holes over the years. > Scott already gave you the advice you need. > Rule of thumb: only allow access to the bare minimum from the outside > world.
Thanks to the list for the advice. Since the guy who wants a WordPress site is a friend and an MD who has done a whole lot for me over the past few years, I'm going to allow it on my server -- with the agreement that if any sign of trouble appears, the site and everything having to do with PHP goes. I've learned a lot in this past week, so I'm going to bypass their "5 minute install" and go with the Debian package and a whole lot of security measures. > Good luck, Thanks, and I hope I don't need it... -- Glenn English -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/76f1db73-3c1e-488d-ba59-4d5470f29...@slsware.com
