PHP service

Related pages

The PHP service is a specialist facility provided to allow staff to host and manage PHP applications.

PHP files are accessed via php.york.ac.uk.

Overview

Eligibility

You must be a member of staff to request this service.

The PHP service includes a dedicated virtualised PHP server and storage.

This service should only be requested if the other web content services provided are not suitable for your requirements. 

The primary services we offer for publishing information on the web are:

You might also wish to consider other services we support, such as:

The PHP service is provided for circumstances where it is not appropriate or possible to use these services.

Please note, you will be need to write, manage and monitor your own PHP applications - we are unable to provide this as part of the service we offer.

Registration

To request access, you will need to ask your Departmental Computing Officer to email the Library & IT Help Desk.

Their message should include the web account name for authorisation, and why the CMS or ColdFusion are not suitable for your needs.

Please allow five days for us to set up your access.

Using the PHP service

URLs

PHP files are accessed via php.york.ac.uk (not www.york.ac.uk).

You can browse to your PHP site by going to http://php.york.ac.uk/fs/accountname or http://php.york.ac.uk/youryorkweb/path

  • eg http://php.york.ac.uk/depts/maths/tt

File and directory permissions 

  • Files should be group 33 and group readable
  • Directories must be group read and executable.
  • .inc files should only be readable by the user if they contain passwords

Files and directories should not be world read, write or executable and it is advised that you avoid granting "other" any privileges.

Maintenance

Your PHP applications and code may need updated or revised when the service is upgraded or due to new security risks.

You will need someone with PHP knowledge to maintain your site.

MySQL

MySQL databases are often used with PHP. MySQL is a separate service offered by IT Services.

You can request a MySQL database by contacting the Library & IT Help Desk.

PHP configuration

PHP has been installed with the following options:

  • mysql
  • libxml
  • zlib

Other libraries can be added if required.

Shared user environment security features

safe_mode is not enabled, however, open_basedir restricts file i/o to the your filestore area.

Some other insecure functions have been disabled.

We also run ModSecurity with the Core Ruleset and are firewalled for outgoing connections which can be adjusted depending on your requirements.

SSL

php.york.ac.uk has a SSL certificate which you can use to encrypt data transmission simply by using https:// instead of http://

You are encouraged to use this for transactions that include sensitive information or logins.

Help & troubleshooting

Library & IT Help Desk

If there are any problems with the PHP service, get in touch with the Library & IT Help Desk

Our commitments

Service status Live and supported service.
Hours of service 24/7
Service support For help and support with this service, contact the Library & IT Help Desk.
Hours of support Help from the Library & IT Help Desk is available 9am to 5pm, Monday to Friday.
Target availability

General IT Services targets:

Resilience

A highly available VMWare cluster provides resilience. 

All data is backed up in line with our standard backup policies.

Known risks

Security can only be maintained as long as you deploy secure code and keep third party applications up to date.
Review cycle Reviewed annually.
Our performance

Our service standards have been produced in consultation with our customers, and monitor the quality, timeliness and access to facilities and services:

Complaints procedure

If you wish to give us general feedback on this service, please see our Feedback page for ways to get in touch.

If you wish to make a complaint, please see our complaints procedure.

Your responsibilities

Data security and backups

PHP is a widely used web scripting language and there are many known vulnerabilities to be exploited.

You should take regular backups of your files and MySQL database (if you have one).

You should also carefully consider the security of private or personal information and contact IT Services if you have any concerns.

Third-party applications

It is the account owner's responsibility for all installation, configuration, administration and security of third-party applications.

You must ensure that all security issues are addressed quickly and that patches are applied which fix problems with the application.

If this is not done, in the interests of security we may de-activate the account until the situation is resolved.

IT Services cannot provide direct support for your applications but can advise on security best practice. Please contact the Library & IT Help Desk for more information.

Security advice

We recommend you read: