views: 77
answers: 3

I want to write a PHP application that is going to do some checks first, to ensure an optimal and secure environment. I'm sure I alone can not think of everything, so what am I missing?

  • Ensure MySQL username/password can SELECT, INSERT etc
  • Update PHP timezone
  • Check for register_globals and warn if enabled
  • Ensure /install is deleted
  • If no config file make one
  • Ensure config file doesn't have write permissions
  • Erase cache folder contents if over 50mb or so
  • Make sure GD and PDO are installed and working

Please answer with any more ideas or if any of the above aren't a good idea. I probably realise the cache folder thing should be a cron job that runs every week or so.

+3  A: 

Have you checked PHPSecInfo? It is going to do some really important PHP security-related configuration tests you should be aware of.

Gumbo
That looks very interesting.
Ross
+1  A: 

Adding to your database user check - check that they don't have permission for dangerous things you don't need - such as DROP.

Something you could check in installation could be to prompt the user to upload application logic above the webroot. This is completely off the cuff, but you could check if the current directory is the document root, and then whether you (the script) can access one level above. I know most shared hosts don't provide this (I'm with a host that does, fortunately) but I think it should be taken advantage of wherever possible. Otherwise, check that blank index.html/php files have been placed in 'inaccessible' directories to prevent file listing.

Ross
Good idea Ross +1
alex
A: 

Check the PHP version for a start; also check if magic quotes are enabled, as those were enabled by default in earlier versions.

dusoft
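Pulling the checks from the question and the three answers together, here is an added example of an install-time environment check written for this thread (none of the posters supplied code). The minimum PHP version, the `config.php` and `install/` locations, the `$appDir` parameter and the optional PDO handle are all assumptions to adjust for your own application.

```php
<?php
// Added example, not from the thread. MIN_PHP_VERSION, the config/install paths
// and the optional PDO handle are assumptions for illustration.
const MIN_PHP_VERSION = '7.4.0';

function iniEnabled(string $directive): bool
{
    // Both legacy directives are gone in modern PHP; ini_get() then returns false.
    return filter_var(ini_get($directive), FILTER_VALIDATE_BOOLEAN);
}

function envChecks(string $appDir, ?PDO $db = null): array
{
    $problems = [];
    if (version_compare(PHP_VERSION, MIN_PHP_VERSION, '<')) {
        $problems[] = 'PHP ' . PHP_VERSION . ' is older than ' . MIN_PHP_VERSION;
    }
    if (iniEnabled('register_globals')) { $problems[] = 'register_globals is enabled'; }
    if (iniEnabled('magic_quotes_gpc')) { $problems[] = 'magic_quotes_gpc is enabled'; }
    if (ini_get('date.timezone') === '') { $problems[] = 'date.timezone is not set'; }

    foreach (['gd', 'pdo', 'pdo_mysql'] as $ext) {
        if (!extension_loaded($ext)) { $problems[] = "extension $ext is missing"; }
    }
    if (is_dir("$appDir/install")) { $problems[] = 'install/ directory still exists'; }

    $config = "$appDir/config.php";
    if (!is_file($config)) {
        $problems[] = 'config.php is missing';          // caller should create one
    } elseif (is_writable($config)) {
        $problems[] = 'config.php is writable by the web server user';
    }

    // Ross's point: application logic inside the document root is reachable by URL.
    $real    = realpath($appDir);
    $docRoot = realpath($_SERVER['DOCUMENT_ROOT'] ?? '');
    if ($real !== false && $docRoot !== false && strpos($real, $docRoot) === 0) {
        $problems[] = 'application directory is inside the document root';
    }

    // Database account should not hold DROP or ALL PRIVILEGES (least privilege).
    if ($db !== null) {
        foreach ($db->query('SHOW GRANTS FOR CURRENT_USER()') as $row) {
            $grant = strtoupper((string) current($row));
            if (preg_match('/\b(DROP|ALL PRIVILEGES)\b/', $grant)) {
                $problems[] = "DB account has excessive rights: $grant";
            }
        }
    }
    return $problems;
}
```

Call `envChecks(__DIR__, $pdo)` from the installer and refuse to continue while the returned list is non-empty; the GRANT check only sees the current account, so run it with the same credentials the application will use.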