PHP hardening


Given that PHP has become a popular target for hacking attempts, we need to secure its configuration as much as possible to help protect it from hacking vulnerabilities.

Please advise which of the following changes to php.ini may have already been made in the Apigee Edge installer, and which we should configure ourselves (and any which we must not configure because they might impact the functioning of the Developer Portal):

https://howtogetonline.com/how-to-harden-your-php-for-better-security.php


Hi Rohan,

the best approach is to use automated vulnerability scanners that will provide as output the list of vulnerabilities and the corresponding mandated and/or recommended remediations. They will include the changes to the PHP configuration.

See here for a list from OWASP, both open source/free and commercial:

https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools

The Developer Portal installer performs a subset of those, but it is neither exhaustive nor up to date.

Regarding your link, yes, php.ini is one of the files that need changes from the defaults during the security hardening. Some settings are use-case specific.

php.ini security hardening is required to comply with the guidelines for the Drupal CMS platform.

In detail we have security checklists for Developer Portal here: http://docs.apigee.com/developer-services/content/securing-your-portal

Hope this helps,

Best regards

Nicola
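
As an added example (not part of the original thread and not Apigee's or Drupal's tooling): a small Python check that reports which directives of a hardening baseline a given php.ini already sets as wanted, which differ, and which are left unset, so you can see what an installer has and has not changed. The baseline directives, the function names and the sample php.ini are assumptions chosen for illustration.

```python
# Added example; BASELINE is an assumed baseline, not Apigee's or Drupal's list.
BASELINE = {  # directive -> should it be enabled?
    "expose_php": False,
    "display_errors": False,
    "log_errors": True,
    "allow_url_include": False,
    "session.cookie_httponly": True,
}
TRUE_WORDS = {"1", "on", "true", "yes", "stdout", "stderr"}  # display_errors also takes stdout/stderr

def parse_ini(text):
    """Return {directive: raw value}; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments (fine for on/off values)
        if "=" not in line or line.startswith("["):
            continue  # blank line, comment, or section header
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_on(value):
    v = value.lower()
    return v in TRUE_WORDS or (v.isdigit() and int(v) != 0)

def audit(text, baseline=BASELINE):
    """Map each baseline directive to 'ok', 'differs' or 'unset'."""
    found = parse_ini(text)
    report = {}
    for name, wanted in baseline.items():
        if name not in found:
            report[name] = "unset"  # PHP's built-in default applies
        else:
            report[name] = "ok" if is_on(found[name]) == wanted else "differs"
    return report

# Constructed sample input, not taken from a real installation.
SAMPLE_INI = """\
[PHP]
expose_php = On          ; banner left enabled
display_errors = Off
;log_errors = On
allow_url_include = Off
allow_url_include = On   ; later line overrides the earlier one
session.cookie_httponly = 1
"""

if __name__ == "__main__":
    print("\n".join(f"{k:26}{v}" for k, v in audit(SAMPLE_INI).items()))
```

A directive reported as "unset" falls back to PHP's compiled-in default, so check it with `php -i` or `phpinfo()` on the portal host before deciding whether to set it explicitly.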