museum-digital/MD_STD
33
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add class for enforcing explicit security instructions in any publicly accessible script #3

New Issue
Closed
opened 2020-11-11 11:28:42 +01:00 by jrenslin · 0 comments
jrenslin commented 2020-11-11 11:28:42 +01:00
Owner
Copy Link

PHP can be locked down dynamically far beyond what we can do on a server / vhost level. In some scripts, this has been done already.
A class, of which one instance is initialized in the bootstrap file and which throws erros in case no security and resource allocation instructions have been specified would improve the general security of the code.

Dynamic enforcing of security-related PHP settings is mainly focused on resource allocation and e.g. file uploads.
See: https://www.php.net/manual/en/function.ini-set.php

PHP can be locked down dynamically far beyond what we can do on a server / vhost level. In some scripts, this has been done already. A class, of which one instance is initialized in the bootstrap file and which throws erros in case no security and resource allocation instructions have been specified would improve the general security of the code. Dynamic enforcing of security-related PHP settings is mainly focused on resource allocation and e.g. file uploads. See: https://www.php.net/manual/en/function.ini-set.php
jrenslin added the
kind/feature
kind/security
priority/medium
 labels 2020-11-11 11:28:42 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
kind/breaking

Critical issue that breaks a page

  
kind/bug

Something is not working

  
kind/docs

This concerns the documentation

  
kind/enhancement

Improvements on existing features

  
kind/feature

New features

  
kind/lint

Code linting error

  
kind/proposal

Suggestion or proposal

  
kind/question

A question

  
kind/refactor

Refactoring code

  
kind/security

Security issue

  
kind/testing

Concerns the test setup

  
kind/translation

Concerns multilinguality

  
kind/ui

Concerns the user interface

  
priority/critical

Critical issue, highest priority

  
priority/high

High priority issue

  
priority/low

Low priority issue

  
priority/medium

Medium priority issue

  
reviewed/duplicate

This is a duplicate

  
reviewed/invalid

This is an invalid issue

  
reviewed/wontfix

This is issue will not be fixed

  
status/done

This issue has been fixed

  
status/needs-feedback

This issue needs feedback

  
kind/breaking

Critical issue that breaks a page

  
kind/bug

Something is not working

  
kind/docs

This concerns the documentation

  
kind/enhancement

Improvements on existing features

  
kind/feature

New features

  
kind/lint

Code linting error

  
kind/proposal

Suggestion or proposal

  
kind/question

A question

  
kind/refactor

Refactoring code

  
kind/security

Security issue

  
kind/testing

Concerns the test setup

  
kind/translation

Concerns multilinguality

  
kind/ui

Concerns the user interface

  
priority/critical

Critical issue, highest priority

  
priority/high

High priority issue

  
priority/low

Low priority issue

  
priority/medium

Medium priority issue

  
reviewed/duplicate

This is a duplicate

  
reviewed/invalid

This is an invalid issue

  
reviewed/wontfix

This is issue will not be fixed

  
status/done

This issue has been fixed

  
status/needs-feedback

This issue needs feedback

No Label
kind/breaking
kind/bug
kind/docs
kind/enhancement
kind/feature
kind/lint
kind/proposal
kind/question
kind/refactor
kind/security
kind/testing
kind/translation
kind/ui
priority/critical
priority/high
priority/low
priority/medium
reviewed/duplicate
reviewed/invalid
reviewed/wontfix
status/done
status/needs-feedback
kind/breaking
kind/bug
kind/docs
kind/enhancement
kind/feature
kind/lint
kind/proposal
kind/question
kind/refactor
kind/security
kind/testing
kind/translation
kind/ui
priority/critical
priority/high
priority/low
priority/medium
reviewed/duplicate
reviewed/invalid
reviewed/wontfix
status/done
status/needs-feedback
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: museum-digital/MD_STD#3
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?