Create individual PHP session directories per php-fpm user

Description

Summary:
To improve security for applications not using a custom session
handler, it's better to isolate sessions in a directory only
readable by the current php-fpm pool username.

As such, a security issue with one site that allows browsing files
won't allow hijacking sessions on a site served by another php-fpm pool.

Meanwhile, we reset to the default value in php.ini to allow quick tests
with php -S internal server on development servers.

Ref T417.

Test Plan: Test with www.dereckson.be

Reviewers: dereckson

Reviewed By: dereckson

Maniphest Tasks: T417

Differential Revision: https://devcentral.nasqueron.org/D1486
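
One way to check the isolation the summary describes, as an added example that is not code from this commit or repository: it reads php-fpm pool definitions and flags pools that keep the default session path, share a path with another pool, or use a directory that is not private to the pool user. The pool names, users and paths in SAMPLE are constructed, and the assumptions are that pools set session.save_path through php_admin_value or php_value and that "only readable by the pool user" means no group or other permission bits.

```python
import os
import pwd
import re

SESSION_KEYS = ("php_admin_value[session.save_path]", "php_value[session.save_path]")
# Constructed sample: site_b keeps the php.ini default, so it would be flagged.
SAMPLE = "[site_a]\nuser = web-a\nphp_admin_value[session.save_path] = /srv/sess/web-a\n[site_b]\nuser = web-b\n"

def parse_pools(text):
    """Map pool name -> {'user', 'save_path'}; expects pool files, not php-fpm.conf."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = re.fullmatch(r"\[([^\]]+)\]", line)
        if section:
            current = pools.setdefault(section.group(1), {"user": None, "save_path": None})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "user":
                current["user"] = value
            elif key in SESSION_KEYS:
                current["save_path"] = value
    return pools

def audit(pools, uid_of=lambda user: pwd.getpwnam(user).pw_uid):
    """Return (pool, problem) pairs; an empty list means sessions are isolated."""
    findings, first_pool = [], {}
    for name, pool in pools.items():
        path = pool["save_path"]
        if not path:
            findings.append((name, "no per-pool session.save_path"))
            continue
        if path in first_pool:
            findings.append((name, f"shares {path} with pool {first_pool[path]}"))
        first_pool.setdefault(path, name)
        try:
            st, uid = os.stat(path), uid_of(pool["user"])
        except (OSError, KeyError, TypeError):
            findings.append((name, f"{path} or user {pool['user']} does not exist"))
            continue
        if st.st_mode & 0o077:
            findings.append((name, f"{path} is accessible to group or others"))
        if st.st_uid != uid:
            findings.append((name, f"{path} is not owned by {pool['user']}"))
    return findings
```

Run audit(parse_pools(text)) over the concatenated pool files on the host; the uid_of parameter exists only so the lookup can be replaced when the pool users are not present on the machine doing the check.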

Details

Provenance
dereckson Authored on Mar 23 2018, 19:13
dereckson Pushed on Mar 23 2018, 20:37
Reviewer
dereckson
Differential Revision
D1486: Create individual PHP session directories per php-fpm user
Parents
rOPSd576d2e65eb3: Add comment block
Tasks
T417: Don't flood /tmp with variable files in top directory on Ysul