On Friday 05 February 2010, Guy.Baconniere@swisscom.com wrote:
> In terms of isolation I prefer VMware, KVM or Xen then add
> mod_security to Apache2, grsecurity to kernel can help
> to circumvent most of the exploits to gain root.

Would that be really less effort than fixing the PHP applications? If so, I still recommend getting an indemnification from your employer *first*.

Yes, all of this can improve security of insecure PHP applications. But it is not fixing the insecurity at its source.

Still, even with modern PHP applications there might be security holes since it is not that easy to write secure PHP applications at all - and thus something like mod_security makes sense anyway.

-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7