[CentOS] Web site development and security

Sat Oct 21 19:27:28 UTC 2006
Jim Perrin <jperrin at gmail.com>

> I'm looking at building a website and extranet on my CentOS server for my
> home business.  I use PHP for my intranet but I hear PHP is a big security
> sieve.  Can anybody recommend good books on website security and
> development?  Which procedural language should I use to do this?

O'Reilly has a ton of decent books, but I prefer to look for tools
which are well written. Things that work with PHP in safe mode, and
don't require the use of globals, allow_url_fopen, etc. If the tools
you want to use do require these options, then you need to understand
the risks involved, and how to mitigate them. The two biggest security
shotguns I employ are selinux and mod_security. With these, and a sane
web application, you'll eliminate a good 95% of the security risks out
there. You may also want to check out www.onlamp.com but keep in mind
that you may need to modify any directions listed there to stay within
the parameters set by the distribution.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
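
As an added example (not part of the original post), a small shell audit that reports whether a php.ini enables the options the reply advises against depending on. It assumes "globals" means PHP's `register_globals` directive; `safe_mode` and `register_globals` exist only in PHP releases before 5.4, and the function names and sample file are constructed for illustration.

```shell
# Added example. "globals" is assumed to mean register_globals.

# Print the effective value of directive $2 in php.ini file $1 as
# "on" or "off" (last assignment wins), or "unset" if it is absent.
php_ini_value() {
    awk -v want="$2" '
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)      # drop ";" comments
            eq = index(line, "=")
            if (eq == 0) next                # section header or blank
            key = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", v)
            if (key == want) { seen = 1; val = tolower(v) }
        }
        END {
            if (!seen) print "unset"
            else if (val ~ /^(1|on|yes|true)$/) print "on"
            else print "off"
        }' "$1"
}

# Print one line per setting that goes against the post's advice;
# return 1 if anything was printed.
audit_php_ini() {
    rc=0
    [ "$(php_ini_value "$1" register_globals)" = "on" ] &&
        { echo "RISK: register_globals is enabled"; rc=1; }
    # allow_url_fopen defaults to on when php.ini does not set it.
    [ "$(php_ini_value "$1" allow_url_fopen)" = "off" ] ||
        { echo "RISK: allow_url_fopen is enabled"; rc=1; }
    [ "$(php_ini_value "$1" safe_mode)" = "on" ] ||
        { echo "NOTE: safe_mode is not enabled"; rc=1; }
    return $rc
}

# Constructed sample php.ini (not from the post), written to $1.
write_sample_ini() {
    printf '%s\n' '[PHP]' '; register_globals = On' \
        'register_globals = Off' \
        'allow_url_fopen = On   ; needed by some tool' \
        'safe_mode = Off' 'safe_mode = On' > "$1"
}

# With a path argument audit that file, otherwise the sample.
ini=${1:-$(mktemp)}
[ "$#" -gt 0 ] || write_sample_ini "$ini"
audit_php_ini "$ini" || true
[ "$#" -gt 0 ] || rm -f "$ini"
```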