Page MenuHomeDevCentral
Differential D1486

Create individual PHP session directories per php-fpm user
ClosedPublic
Actions

Authored by dereckson on Mar 23 2018, 19:25.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 18, 10:06
Unknown Object (File)
Mon, Nov 18, 09:45
Unknown Object (File)
Thu, Nov 14, 19:29
Unknown Object (File)
Sat, Nov 9, 16:44
Unknown Object (File)
Thu, Nov 7, 14:38
Unknown Object (File)
Thu, Nov 7, 12:40
Unknown Object (File)
Tue, Nov 5, 23:57
Unknown Object (File)
Tue, Nov 5, 21:17
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T417: Don't flood /tmp with variable files in top directory on Ysul
Commits
rOPS88ad7d6558ab: Create individual PHP session directories per php-fpm user
Summary

To improve security for applications not using a custom session
handler, it's better to isolate sessions in a directory only
readable by the current php-fpm pool username.

As such, a security issue with one site allowing to browse files
won't allow to hijack sessions on a site served by another php-fpm pool.

Meanwhile, we reset to the default value in php.ini to allow quick tests
with php -S internal server on development servers.

Ref T417.

Test Plan

Test with www.dereckson.be

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Mar 23 2018, 19:25
dereckson created this revision.
Harbormaster completed remote builds in B2342: Diff 3804.Mar 23 2018, 19:25
dereckson updated this revision to Diff 3805.Mar 23 2018, 20:36

fqdn

Harbormaster completed remote builds in B2343: Diff 3805.Mar 23 2018, 20:36
dereckson resigned from this revision.Mar 23 2018, 20:37
dereckson accepted this revision.
This revision is now accepted and ready to land.Mar 23 2018, 20:37
Closed by commit rOPS88ad7d6558ab: Create individual PHP session directories per php-fpm user (authored by dereckson). · Explain WhyMar 23 2018, 20:37
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
roles/
webserver-legacy/
php-sites/
files/
3 lines
4 lines
9 lines

Diff 3806

View Options

roles/webserver-legacy/php-sites/files/php-fpm-pool.conf

Loading...
View Options

roles/webserver-legacy/php-sites/files/php.ini

Loading...
View Options

roles/webserver-legacy/php-sites/php.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator