3.8 Security Configuration
The defaults for most configurations are not secure by default. This lesson examines Apache and PHP default settings in detail. I'll point out some vulnerabilities that exist in these default configurations and show you how to implement more secure settings. Some applications like MySQL come with a secure installation script, and I'll show you how to configure this script.
I'll also discuss the difference between blacklist and whitelist security approaches, and I'll talk about the dangers of using known defaults for passwords and usernames.