One thing worth considering if the security of your server is of paramount important is a project known as Hardened PHP. This is a set of patches to the PHP source code that make the task of hacking your server by exploiting PHP that much harder. Hardened PHP is not an official PHP project, and so cannot be relied upon to be as stable as the core PHP release, however it is just a set of minor patches and so isn't likely to affect stability at all.
Does it make PHP more secure? That's hard to say: very few people have been hit by PHP exploits in its existence, so most of us don't really have a reason to switch to the hardened release. If you stop using a straight PHP build and instead use Hardened PHP, you may find other tools stop working - particularly things like Zend Performance Suite, that require in-depth knowledge of your PHP build.
If you're using Hardened PHP I'd love to hear your experiences.
Next chapter: Summary >>
Previous chapter: Changing block cipher mode
Home: Table of Contents