amtriorix Posted July 11, 2018 (edited)

Prestashop should test the current versions more profoundly. Especially timeouts and multisite redirection in the backend, and in my opinion Prestashop should step away from Apache and its strong binding to the rewrite rules inside .htaccess so Nginx can come into the game. Redis support and the possibility to use PostgreSQL are needed too. If you use an abstraction of the database layer there is no need to bind so tightly to MySQL. Prestashop should be compatible with other databases as well, and direct queries should be removed from the core and from all modules that do not use Doctrine or the database abstraction layer.

At the moment security is a huge issue too, due to umasks that are set too tolerant. Web server data should NEVER give permissions to 'others', especially since most users in a pro environment use PHP-FPM with a dedicated user in their php-fpm.conf settings. In the code we see umask() calls that give permissions to others.

In addition there are still issues with scripts written in such a bad way that they do not consider timeouts. Every script that runs for more than 180 s (without refresh techniques and/or queues) is by definition written wrongly. Some PHP developers clearly think that writing PHP code is the same as writing regular software, where you do not take into account the timeouts of the web server, the app server (PHP-FPM) and the caching. And finally, test your code base with big data, not with a small pool of data, so you can see the slowdowns and/or errors arising when upgrading, backing up, etc.

How security should be set (this is nginx, but you can substitute nginx with www-data, or www in the case of xxxBSD). I am using the following setup on my LEMP stack (Nginx + PHP-FPM):

1. PHP-FPM runs several pools as nobody:user1, nobody:user2, ...
2. Nginx runs as nginx:nginx. User nginx (www, www-data) is a member of each user1, user2, ... group:

    # usermod -a -G user5 nginx

File permissions:

    root:root      drwx--x--x   /home
    user1:user1    drwx--x---   /home/user1                               (1)
    user1:user1    rwxr-x---    /home/user1/site.com/config.php           (2)
    user1:user1    drwxrwx---   /home/user1/site.com/uploads              (3)
    nobody:user1   rw-rw----    /home/user1/site.com/uploads/avatar.gif   (4)

(1) The user's home dir has no x permission for others, so the php-fpm pool running as nobody:user2 will not have access to /home/user1 and vice versa.

(2) The PHP script doesn't have w for group, so it cannot create files in htdocs.

(3) On the uploads dir we should manually enable write access for group user1, to enable the PHP script to put files there. Don't forget to disable the PHP handler for uploads; in nginx this is done by

    server {
        ....
        location ^~ /uploads/ { }
    }

but for Apache you should check.

(4) Uploaded files should also have w for group if we want user1 to be able to edit these files later via FTP or SSH (logging in as user1:user1). PHP code is also editable via FTP since user1 is its owner.

Nginx will have read access to all users and write access to all users' uploads, since user nginx is a member of each user1, user2, ... group. You should not forget to add it to all later groups. You can also modify the useradd script to do it automatically.

Edited July 11, 2018 by amtriorix
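The per-site layout described in the post above, as an added example that is not the poster's own commands: it applies the modes from the post to one site directory, audits the tree for any bit granted to 'others' (and for group-writable paths outside uploads/), and shows what umask 027 does to a newly created file. The site root path and the names user1, nginx and nobody are placeholders taken from the post; the usermod and chown steps need root, so the script only prints them and runs the chmod and audit parts unprivileged.

```shell
#!/bin/sh
# Added example, not part of the forum post. Placeholders: user1 / nginx /
# nobody and the site root path are assumptions from the post's layout.

# Ownership steps from the post for one site user. They need root, so they
# are printed rather than executed; the rest of the script runs unprivileged.
show_ownership_steps() {
    user="$1"; root="$2"
    printf 'usermod -a -G %s nginx\n' "$user"
    printf 'chown -R %s:%s %s\n' "$user" "$user" "$root"
    printf 'chown -R nobody:%s %s/uploads\n' "$user" "$root"
}

# Permission bits of a path as octal digits (GNU stat, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# Apply the modes from the post: the docroot and config.php are rwxr-x---
# (group may read and traverse, nothing for others); uploads is drwxrwx---
# so the PHP-FPM pool (group user1) can write there and nowhere else.
apply_layout() {
    root="$1"
    mkdir -p "$root/uploads"
    : > "$root/config.php"              # constructed placeholder, empty file
    chmod 0750 "$root" "$root/config.php"
    chmod 0770 "$root/uploads"
}

# Audit one docroot. Prints offending paths and returns 1 if it finds:
#  - any path with a read, write or execute bit for 'others'
#  - any path outside uploads/ that is group-writable (PHP could create files)
audit_perms() {
    root="$1"
    leaks=$(find "$root" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print)
    gw=$(find "$root" -path "$root/uploads" -prune -o -perm -0020 -print)
    [ -z "$leaks$gw" ] && return 0
    [ -n "$leaks" ] && printf 'bits for others set on:\n%s\n' "$leaks"
    [ -n "$gw" ] && printf 'group-writable outside uploads/:\n%s\n' "$gw"
    return 1
}

# The umask point from the post: with umask 027 a file created by the PHP
# process gets rw-r----- (640), so nothing it writes is readable by 'others'.
# Returns the resulting mode of a file created under the given umask.
file_mode_under_umask() {
    dir="$1"; mask="$2"
    ( umask "$mask"; : > "$dir/newfile" )   # constructed file, runs in a subshell
    mode_of "$dir/newfile"
}

# Stand-alone run: build a throwaway site root, audit it, then break it.
if [ "${1:-}" = "--demo" ]; then
    site=$(mktemp -d)
    show_ownership_steps user1 "$site"
    apply_layout "$site"
    audit_perms "$site" && echo "layout OK"
    chmod o+r "$site/config.php"
    audit_perms "$site" || echo "leak detected as expected"
    rm -rf "$site"
fi
```

Run it with `sh script.sh --demo`; point `audit_perms` at a real docroot (as the site user) to find what a permissive umask() call or a careless upload module has left readable by others.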
masterblaster Posted July 14, 2018

Hello, I agree on every line! Regarding the permissions and umask issue there is this well-explained Forge thread that is still in "To Be Reproduced" status (!): Forge
NetLink Posted December 7, 2018

Insecure file permissions #11634 https://github.com/PrestaShop/PrestaShop/issues/11634