Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve PHP security recommendations #2423

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Improve PHP security recommendations #2423

wants to merge 6 commits into from

Conversation

glye
Copy link
Contributor

@glye glye commented Jul 3, 2024

Question Answer
JIRA Ticket N/A
Versions All supported
Edition All

PHP security improvement suggestion after discussion at https://ibexa.slack.com/archives/C0BJ6NGBT/p1719999336088349

Checklist

  • Text renders correctly
  • Text has been checked with vale
  • Description metadata is up to date
  • Redirects cover removed/moved pages
  • Code samples are working
  • PHP code samples have been fixed with PHP CS fixer
  • Added link to this PR in relevant JIRA ticket or code PR

@glye glye requested review from kmadejski, mnocon and reithor July 3, 2024 10:58
mnocon
mnocon reviewed Jul 3, 2024
View reviewed changes
docs/infrastructure_and_maintenance/security/security_checklist.md Outdated Show resolved Hide resolved
docs/infrastructure_and_maintenance/security/security_checklist.md Outdated Show resolved Hide resolved
docs/infrastructure_and_maintenance/security/security_checklist.md
### Other PHP settings

Consider what other security related settings are relevant for your needs.
The [OWASP PHP Configuration Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/PHP_Configuration_Cheat_Sheet.html)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seeing that it doesn't even acknowledge PHP 8 and was not updated in 4 years I'm torn if we should mention it to be honest

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, same, but OWASP is such a great resource in general and this page links to others that are also good. I also expect the OWASP community to update this page eventually. I'm doubtfully leaning towards keeping it.

glye and others added 2 commits July 3, 2024 16:11
@glye @adriendupuis
Product name fixes
905b9d4 
Co-authored-by: Adrien Dupuis <[email protected]>
@glye @adriendupuis
Ini code
7df5894 
Co-authored-by: Adrien Dupuis <[email protected]>
julitafalcondusza
julitafalcondusza requested changes Jul 4, 2024
View reviewed changes
Copy link
Contributor

@julitafalcondusza julitafalcondusza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check my comment.

docs/infrastructure_and_maintenance/security/security_checklist.md Outdated Show resolved Hide resolved
@glye @julitafalcondusza
Wording
a453ffd 
Co-authored-by: julitafalcondusza <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mnocon mnocon mnocon left review comments

@adamwojs adamwojs adamwojs approved these changes

@kmadejski kmadejski kmadejski approved these changes

@konradoboza konradoboza konradoboza approved these changes

@julitafalcondusza julitafalcondusza julitafalcondusza approved these changes

@reithor reithor Awaiting requested review from reithor

@juskora juskora Awaiting requested review from juskora

@adriendupuis adriendupuis Awaiting requested review from adriendupuis

@dabrt dabrt Awaiting requested review from dabrt

Assignees
No one assigned
Labels
Needs DOC review
Projects
None yet
Milestone
No milestone
7 participants
@glye @adamwojs @kmadejski @mnocon @konradoboza @adriendupuis @julitafalcondusza