From b4db9a23e16dbbcb1396e4322e7bf70c5048601e Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 1 Jun 2015 17:58:02 +0200 Subject: [PATCH 1/2] Add hints to use newest PHP version --- .../configuration_server/harden_server.rst | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index f8ee8ad61..b4ef0c481 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -18,7 +18,11 @@ run ownCloud Server on Apache2 on a Linux environment. Limit on Password Length ------------------------ -ownCloud uses the bcrypt algorithm and thus for security and performance reasons, e.g. Denial of Service as CPU demand increases exponentially, it only verifies the first 72 characters of passwords. This applies to all passwords that you use in ownCloud: user passwords, passwords on link shares, and passwords on external shares. +ownCloud uses the bcrypt algorithm and thus for security and performance reasons, +e.g. Denial of Service as CPU demand increases exponentially, it only verifies +the first 72 characters of passwords. This applies to all passwords that you use +in ownCloud: user passwords, passwords on link shares, and passwords on external +shares. Operating system ---------------- 
@@ -43,6 +47,17 @@ It is highly recommend to enable hardening modules such as SELinux where possible. See :doc:`../installation/selinux_configuration` to learn more about SELinux. +Use newest PHP version +********************** +Some security features and hardenings in PHP are only available in the latest +PHP release and thus it is recommended to run the latest PHP version. You can +find the latest version on http://php.net/. + +While distributions are trying to backport security patches there have been +quite some cases where some has been missed or only backported after a long +period of time, sometimes up to a few years. Also all security hardenings +are usually not backported. + Deployment ---------- From 94603363fe5e13cbfb5465bbb515bdca262e4214 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 2 Jun 2015 18:43:41 +0200 Subject: [PATCH 2/2] Reword as suggested by Carla --- admin_manual/configuration_server/harden_server.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index b4ef0c481..940fecf3c 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -53,10 +53,9 @@ Some security features and hardenings in PHP are only available in the latest PHP release and thus it is recommended to run the latest PHP version. You can find the latest version on http://php.net/. -While distributions are trying to backport security patches there have been -quite some cases where some has been missed or only backported after a long -period of time, sometimes up to a few years. Also all security hardenings -are usually not backported. +Some Linux distributions backport security patches, but this is not reliable as +some get missed, or the backports are years late. It is always best to run the +latest PHP version. Deployment ----------
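Review bot: The re-wrap of the bcrypt paragraph under "Limit on Password Length" in the first hunk of patch 1/2 (@@ -18,7 +18,11 @@) is a whitespace-only change unrelated to the subject "Add hints to use newest PHP version". Move it to its own commit so the content change stays easy to review. If the paragraph is touched anyway, the clause "e.g. Denial of Service as CPU demand increases exponentially" reads as a fragment and would be clearer as a full sentence saying what the 72-character limit protects against.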
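Review bot: In the new "Use newest PHP version" section of patch 1/2 (@@ -43,6 +47,17 @@), "the latest PHP release" does not say whether a stable, supported release is meant, and the pointer for finding it is the plain-HTTP link "http://php.net/". Suggest "latest stable PHP release" and an HTTPS link, since this is the hardening guide. The new heading is also underlined with "*" while the neighbouring headings in these hunks ("Operating system", "Deployment") use "-", so confirm that it is meant to be a subsection of "Operating system" and matches the level convention used elsewhere in the file.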
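Review bot: The reworded paragraph in patch 2/2 (@@ -53,10 +53,9 @@) drops the removed sentence "Also all security hardenings are usually not backported", which was the only statement separating new hardening features from security patches, and the new closing sentence "It is always best to run the latest PHP version" repeats the recommendation already made in the paragraph directly above it. Suggest keeping the sentence about backports being missed or late, and replacing the closing sentence with one stating that hardening features are usually not backported at all, so the paragraph adds a reason rather than restating the advice.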