Yii, Security and Shared hosting

Haai,

New here, new to Yii, and only know a little PHP, enough to get by though.

Are there any extra precautions I should take when using Yii in a shared hosting environment?

I’m also trying to find information shared hosting best practices with Yii, but haven’t found

anything so far, can anyone point me in the right direction? Even general information you

think would be worth reading would be good. :)

The host we are currently using does not use chroot jails unfortunately, so would it be a

good idea to request suPHP? Eh, scratch that, I’m planning on doing it anyway as I do think

it’s better than having scripts run as “nobody”.

Not sure if it helps, but the way i do it on my webserver with lot of domains: I copy the /framework folder of Yii into a directory in PHP’s include path. For convenience i often use /usr/share/php, which on my server looks like:


drwxr-xr-x  16 root root  624  4. Dez 2008  yii-1.0.0

drwxr-xr-x  16 root root  624  8. Jan 2009  yii-1.0.1

drwxr-xr-x  16 root root  624 29. Nov 2009  yii-1.0.10

drwxr-xr-x  16 root root  624 13. Dez 2009  yii-1.0.11

drwxr-xr-x  16 root root  624 27. Dez 2008  yii-1.0.2

drwxr-xr-x  16 root root  624 15. Apr 2009  yii-1.0.3

drwxr-xr-x  16 root root  624 11. Sep 2009  yii-1.0.8

drwxr-xr-x  16 root root  624 11. Okt 2009  yii-1.0.9

drwxr-xr-x  18 root root  696 16. Feb 12:41 yii-1.1.0

drwxr-xr-x  18 root root  696 16. Apr 15:34 yii-1.1.1

drwxr-xr-x  19 root root  720 21. Jun 15:06 yii-1.1.2

drwxr-xr-x  19 root root  720 15. Jul 15:44 yii-1.1.3

lrwxrwxrwx   1 root root    9  5. Jul 14:27 yii-latest -> yii-1.1.3

drwxr-xr-x  20 root root  744  5. Jul 03:50 yii-svn

drwxr-xr-x  17 root root  648  1. Apr 20:55 yii-svn-1.0



Now i have "global" access to all Yii versions and can switch them in the index.php very easily:


$dir=dirname(__FILE__);


$mainconf=require($dir.'/protected/config/main.php');

$localconf=require($dir.'/protected/config/localconf.php');


if (defined('YII_DEBUG') && YII_DEBUG)

    ini_set('error_reporting',E_ALL | E_STRICT);


//require('yii-1.0.9/yii.php');

//require('yii-1.0.10/yii.php');

require('yii-1.1.3/yii.php');

require($dir.'/protected/helpers/globals.php');


$config=CMap::mergeArray($mainconf,$localconf);

Yii::createWebApplication($config)->run();



Thanks :)

While that is useful, I don’t have a PHP include path available to me from this host. I will keep it in mind for when I get a VPS though.

Edit: Unless you mean the include path in the application’s configuration? I’m thinking of PHP’s include path as reported by phpinfo()

Yes, i meant PHP’s include path. Yii’s include path would not help to include itself ;).