Modern Browser Security

Having been out of the loop since 2020, restoring systems to operational has hit a few problems that perhaps should have been expected. The drive to only allow SSL/TLS certificated websites was not a problem and had been completed thanks in part to Letsencrypt which provides them via a free service. Relying on a fairly conventional services stack, tools to support their use are well defined and crib sheets, while slightly out of date, fill in the new gaps in knowledge. The servers are currently running openSUSE Leap 15.6 on top of which we have nginx, PHP and for databases Firebird.

While provisioning certificates for the sites is simple enough, the extra security was initially preventing many things from running. Adding into the equation that PHP7.3 was required as PHP7.4 further adds to the warning messages that appear. With PHP8.4 just around the corner then a substantial amount of work will need to be done to update some now well outdated code. Fortunately some key areas have already been addressed which may or may not be helpful. The mainweb framework is a package called bitweaver and this has been advanced in recent times, and the current code base is on github. Supporting this base are two useful interfaces, Smarty providing the templating system and ADOdb providing the engine agnostic database interface.

The main problem moving forward is to ensure that tens of gigabytes of material stored in the existing website databases are still readable transparently after a change to the code. This has not been a problem in the past and even the removal of the firebird driver from PHP a few versions back has not stopped this element from working. I am seeing some good feedback from the Firebird team that PHP8.4 will support the PDO firebird driver and since ADOdb supports both anyway we should be onto a winner.

Next step is to document exactly where I have got to with all of the above changes. I am at least running the latest version of Nginx and a current certificate service. I have the default PHP7.4 running from the openSUSE repository, as well as a copy of PHP7.3 and I can switch between the two by a simple change of number in the nginx configuration. Addressing PHP8 will be handled the same way as openSUSE does not support running 7 and 8 side by side. I am sure in the past we did have that facility, but I may be mistaken. In any case building different PHP8 versions is not difficult to do as the PHP7.3 one has shown. Again, just need to document it all while it is fresh in my mind.

ToDo List
SSL on openSUSE
Nginx configuration Version 1.21.5
PHP version installation PHP7.4.33 is the latest V7 build and PHP7.3.33 is running along side it
Firebird Upgrade Currently running FB3.0.4 in a slightly legacy security model, but works fine since only PHP accesses it.
Cloning code from github While I do not like the platform, all the code I need is now managed on github.