From: Vincent Deffontaines <gryzor@apache.org>
Date: Sun, 8 Feb 2009 16:30:24 +0000 (+0000)
Subject: Added a section about dynamic content security, and a couple of pointers to
X-Git-Tag: 2.3.2~74
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9afb8318f53ef42a084b20dc8bb50fe9c42cbeb7;p=apache

Added a section about dynamic content security, and a couple of pointers to
external projects.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@742125 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/misc/security_tips.html.en b/docs/manual/misc/security_tips.html.en
index c407dc4142..52f450c1b3 100644
--- a/docs/manual/misc/security_tips.html.en
+++ b/docs/manual/misc/security_tips.html.en
@@ -35,6 +35,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">Non Script Aliased CGI</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">Script Aliased CGI</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Other sources of dynamic content</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamicsec">Dynamic content security</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting System Settings</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect Server Files by Default</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching Your Logs</a></li>
@@ -296,6 +297,24 @@
 
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
+<h2><a name="dynamicsec" id="dynamicsec">Dynamic content security</a></h2>
+
+  
+
+  <p>When setting up dynamic content, such as <code>mod_php</code>,
+  <code>mod_perl</code> or <code>mod_python</code>, many security considerations
+  get out of the scope of <code>httpd</code> itself, and you need to consult
+  documentation from those modules. For example, PHP lets you setup <a href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>,
+  which is most usually disabled by default. Another example is <a href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more
+  security. For more information about those, consult each project
+  documentation.</p>
+
+  <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
+  can be seen as a HTTP firewall and, provided you configure it finely enough,
+  can help you enhance your dynamic content security.</p>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
 <h2><a name="systemsettings" id="systemsettings">Protecting System Settings</a></h2>
 
     
diff --git a/docs/manual/misc/security_tips.xml b/docs/manual/misc/security_tips.xml
index 104617d51e..ee99c006e1 100644
--- a/docs/manual/misc/security_tips.xml
+++ b/docs/manual/misc/security_tips.xml
@@ -291,6 +291,25 @@
   the server user can. Some scripting engines may provide restrictions, but
   it is better to be safe and assume not.</p>
 
+  </section>
+   <section id="dynamicsec">
+
+  <title>Dynamic content security</title>
+
+  <p>When setting up dynamic content, such as <code>mod_php</code>,
+  <code>mod_perl</code> or <code>mod_python</code>, many security considerations
+  get out of the scope of <code>httpd</code> itself, and you need to consult
+  documentation from those modules. For example, PHP lets you setup <a
+  href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>,
+  which is most usually disabled by default. Another example is <a
+  href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more
+  security. For more information about those, consult each project
+  documentation.</p>
+
+  <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
+  can be seen as a HTTP firewall and, provided you configure it finely enough,
+  can help you enhance your dynamic content security.</p>
+
   </section>
 
   <section id="systemsettings">