Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Install OpenBSD to Secure Your Web Server : Page 5

Designed to be "secure by default", the OpenBSD server operating system offers comprehensive security features. Learn how to perform a network install of this OS—along with PHP4 and MySQL—to keep sensitive data protected.


advertisement

Connect to MySQL Using PHP

To connect to MySQL from PHP, you need to create a new PHP document:

vi mysql.php <html> <head> <title>PHP MySQL connection test</title> <body> <?php $connect = mysql_connect('localhost', 'root', 'yourpasswordhere'); // if no connect then die if (!connect) { die('something went wrong' .mysql_error()); } echo 'It is time to enjoy your new OpenBSD Apache PHP MySQL powered web server.'; // good form to close the connection mysql_close($connect); // close the php ?> </body> </html>

Mission Accomplished

If you followed these directions correctly, you now have the magic key to OpenBSD 3.6, Apache 1.3.29 mod_ssl/2.8.16, OpenSSL/0.9.7d, MySQL 4.0.20, and PHP 4.3.10. NEVER GIVE UP ROOT! OpenBSD ships "secure by default", meaning all non-essential services are disabled. The OpenBSD code-auditing team promotes open source as the only real solution to a truly transparent security model. This working model greatly simplifies the system administrator’s security duties. Security becomes a consideration prior to implementing new services rather than an after-the-fact, hole-plugging technique.



OpenBSD also ships with Apache chrooted by default. While this will create some challenges for the system admin with certain programs, the benefit is that should Apache become compromised the cracker will not have write access to the operating system. Running Apache "jailed" restricts the daemon from "seeing" beyond the root directory of the chrooted directory (the cracker may not get beyond read access to Apache).

While not immune to security breaches, OpenBSD takes a proactive stance against cracking techniques. Buffer overflow attacks are historically a weak point in *nix systems, so OpenBSD has taken measures to protect the stack and to ensure that no page is both writeable and executable at the same time. It is a credit to the OpenBSD community that security announcements are few and far between.

Proactive security, however, is a continual process. Keeping up to date is important. To receive security announcements from OpenBSD, to OpenBSD.org with "subscribe security-announce" in the message body.

Security concerns need to be based on the value of your data. My next article will demonstrate how to use SSH to remotely administer your OpenBSD/Apache/PHP/MySQL Web server.



Gregory L. Magnusson is the founder of Cyborg Spiders Web Development. Since experiencing X-Windows with FreeBSD in 1999, he hasn't looked back. In the current horse race of developing Web technologies, Greg is putting his money on PHP.
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap