How to properly secure OO PHP CMS?

Question

I have OO PHP application which serves pages as well it does payment card processing via external RBS payment gateway. There is also reporting database. The problem is when somebody exploits this PHP, he gains access to all the information about all users as well other reports plus he can modify pages via SQL. There is also admin, which is in separate folder (admin/). There are 100 websites pointing to the same document root and there are dozens of various modules with potential bugs. Do you have any preferable method for this? Currently it runs Ubuntu 12. The CMS I did myself, it's made out of several modules, for both frontend and backend.

Update: It is multi-tenant application.

ps. I'll answer with whatever I did soon, not sure if this is anything proper at the moment. — Andrew Smith, Jun 22 '12 at 10:48

score 2 · Answer 1 · edited Mar 17 '17 at 10:46

2

There are many many things you can do to ensure the security of your PHP application whether it is OO doesn't really make that much difference.

You could start by running some automated php auditing tools to pick up on the really obvious issues see here
Also more information about security attacks on php web applications
Basically you want to at least try and secure against the top 10 application security risks, but this is only a start.
Securing the application is only the first step you need to make sure that overall your server and every other part of your system is secure.

edited Mar 17 '17 at 10:46

Community

1

answered Jun 22 '12 at 14:25

Mark Davidson

9,367
6
43
61

Well I am experimenting with various solutions now, basically I need to protect sensitive data of the eCommerce application. – Andrew Smith Jun 22 '12 at 14:44
@AndrewSmith are you saying that you want to for example protect customer information (name, address, etc) from being viable by the attacker? – Mark Davidson Jun 22 '12 at 15:25
From being accessible by attacker. E.g. if I will manage to gain the PHP shell on the frontpage I wont be able to read the user data (name, address), the transactions (payments), wont be able to modify pages as well wont be able to gain any other access on the same subnet, at least to limit this as much as possible.. So I am thinking what would be architecture of it... On LAMP. – Andrew Smith Jun 22 '12 at 16:18

score 1 · Accepted Answer · answered Jun 24 '12 at 06:49

If you're using a third-party application, then you're at their mercy for security. If they did not follow proper security practices in writing their code (and even still most PHP developers do not) then your application is probably exploitable. At that point, the only thing you can really do is damage control.

If you find yourself in that situation, then what you want is isolation. Try to divide your application or your site or your workflow or your server into separately securable zones. Each has its own server credentials and its own permission set, and communication between them only happens according to some well-defined and restricted protocol rather than simply sharing resources. This way if a breach happens in one area, it can't be leveraged to get to anything valuable.

Maybe memcached be a good option to do communication between instances. I can make each module into separate context like cloud server or SELinux, but now the problem is how to exchage data. For example if memcached runs from a separate user and the data can be queried using cookie as they key, I think this should be OK. — Andrew Smith, Jun 24 '12 at 16:32

How to properly secure OO PHP CMS?

2 Answers2