Are there PHP frameworks that would allow me to generate an application and then use it SECURELY on a shared hosting, as far as a shared hosting security can be achieved? By this I mean, for example, not requiring any app/tmp directory with 777 access.
Not Symfony -> http://trac.symfony-project.org/wiki/SharedHostingNotSecure
Not CakePHP -> http://book.cakephp.org/view/911/Permissions
CodeIgniter -> “If you’re a developer who lives in the real world of shared hosting accounts and clients with deadlines…” – looks promising, maybe this one? But I couldn’t find anything specific to shared hosting file permissions in the documentation
Maybe ZendFramework? (I am not sure if it is the same category as PHP framework, looks like)
Any existing possible frameworks to use SECURELY on shared hosting??
Having to declare directories with
777permissions is only a problem on cheapo and entry-level shared hosting systems. It’s common to see the safe_mode hack and openbasedir restrictions in that area, which only prevent access via PHP but not other CGI interpreters.Contemporary server setups use suexec/suphp, where every PHP scripts runs under the current accounts permissions. Therefore you don’t need any world-write directories and most PHP application should be secure against cross-account tampering at least. The framework itself doesn’t make a difference here.