Nothing is secure by default, so you should know the common problems and have their solutions ready. Today we will walk through the security risks involved in running PHP with a MySQL database and the precautions you can take against them.
1. Transmit information with the POST method: PHP uses POST and GET to transmit information. Always use the POST method for sensitive data. With the GET method, the information is transmitted in the URL, where it is plainly visible and ends up in browser history, bookmarks and server logs. This leaves sensitive information very exposed to being captured.
2. Use php-fpm to run PHP: The FastCGI process manager php-fpm makes it easy to run each PHP application under its own user and group. When Apache and each PHP application run as separate users, the risk that one compromised application can be used to compromise another is considerably reduced.
3. Validate form and file input: A form can be used to inject or upload malicious scripts. Validating form and file input on the server side helps prevent cross-site scripting and SQL injection. It is important to close these well-known holes, as they are the vulnerabilities attackers can most easily target with malicious input.
4. Hide the PHP version: We have already stressed the importance of hiding the version of the software you are running. It is just as critical to hide the PHP version as it is to hide your Apache web server version. To hide the PHP version, open the php.ini file and set the following:
expose_php = Off
5. Log PHP errors to a file: Track all errors by logging them to a file so that unauthorized activity can be identified. Attackers often go through several rounds of trial and error before they actually break into your server. If these attempts are spread over days, the logs let you spot and block them. Use the following settings:
display_errors = Off
log_errors = On
error_log = /var/log/httpd/php_error.log
6. Secure your MySQL installation: The next step in securing a MySQL installation is to secure the users and databases by removing the ones you don't need. Protect user accounts with strong passwords, and protect databases by limiting each user's access to only the databases that user actually needs.
7. Run the MySQL secure installation script: The mysql_secure_installation script helps you apply the recommended security measures for a database. It must be run immediately after installing MySQL. We also strongly urge you to restrict root access to localhost, set a MySQL root password, and complete the steps that remove the databases you do not need.
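As an added illustration of item 3 above (this is example code, not code from the original article), here is a PHP user lookup written first with string concatenation and then with input validation and a PDO prepared statement, followed by output escaping for the HTML response. The database name, the credentials, and the users table with its columns are assumed placeholders.

```php
<?php
// Added example, not code from the original article: one user lookup written
// two ways. The DSN, credentials, table and column names are placeholders.
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4',
    'app_user',                                   // least-privileged DB account
    getenv('DB_PASSWORD') ?: '',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,      // server-side prepared statements
    ]
);

// VULNERABLE: the submitted value is pasted into the SQL text, so a quote
// character in it changes the query's structure instead of being treated as data.
function findUserUnsafe(PDO $pdo, string $username): ?array
{
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED: check the input against an allow-list, then bind it as a
// parameter so the database never interprets it as SQL.
function findUserSafe(PDO $pdo, string $username): ?array
{
    if (preg_match('/\A[A-Za-z0-9_.]{3,32}\z/', $username) !== 1) {
        return null;                             // reject unexpected shapes
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output escaping against cross-site scripting: everything echoed into HTML is
// encoded, so a stored "<script>" tag is displayed as text, not executed.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$username = $_POST['username'] ?? '';           // read from POST, as in tip 1
$user = findUserSafe($pdo, $username);
echo $user === null
    ? '<p>Login failed.</p>'
    : '<p>Welcome, ' . html($user['username']) . '</p>';
```

The unsafe function is kept only to show the difference; in a real application, the validated, parameterised version is the only one that should exist.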