Table of Contents
PHP tips
Instalation tips
Securing PHP code
For a start, put disable_functions = “system, exec” in php.ini.
expose_php = Off
display_errors = Off
allow_url_fopen = Off
session.use_trans_sid = 0
session.use_only_cookies = 1
#output_buffering = 4096
#per vhost:
php_admin_flag safe_mode On
php_admin_value open_basedir "/var/www/domain_dir/:/home/"
php_admin_value sendmail_from webmaster@example.com
php_admin_flag display_errors On
php_admin_value safe_mode_include_dir "/usr/share/php/"
# php_admin_value default_charset "UTF-8"
php_admin_value default_charset "windows-1250"
PHP to secure a setup, a good start is a secure php.ini, for example:
- disable the Fopen Wrapper, allow_url_fopen = Off
- use disable_classes and disable_functions like: - ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc. etc.
- set register_globals = off
- set log_errors = on, error_reporting and error_log
- use open_basedir and include_path
- use safe_mode if possible
allow_call_time_pass_reference = Off magic_quotes_gpc = Off register_long_arrays = Off register_argc_argv = Off allow_url_fopen = Off expose_php = Off disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog, apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual, phpinfo
see also:
- [ISN] Secure PHP Configuration (local mirror)
Speeding it up
Things that will make your PHP code execute a bit faster .. remember that blowt code will still remain blowt code!, so try to do as much optimization as posible inside algorthyms you are coding.
Zend Optimizer
Instalation
Get Zend optimizer from http://www.zend.com/products/zend_optimizer or here (Local mirrors)
php.ini
[Zend] zend_optimizer.enable_loader=0 zend_optimizer.disable_licensing=0 zend_optimizer.licence_path=0
Configuration
php.ini
[Zend] zend_optimizer.optimization_level=15 zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0 zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1.0 zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so
Fix the paths to the Zend libraries
EAccelerator
Instalation
- Download source from http://eaccelerator.net/
- Requirements: apache 1.3, apache 2.0 (prefork), mod_php4/5, autoconf, automake, libtool, m4
export PHP_PREFIX="/usr" $PHP_PREFIX/bin/phpize ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config make make install
–without-eaccelerator-use-inode [bug with open_basedir - safe mode]
Eaccelerator with Zend Optimizer
/etc/php/*/php.ini
[EAccelerator] zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so" eaccelerator.shm_size="32" eaccelerator.cache_dir="/tmp/eaccelerator" ; if you use disk cache - folder MUST exist eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="0" eaccelerator.shm_prune_period="0" eaccelerator.shm_only="1" ; doesn't save cache to disk (cache_dir) eaccelerator.compress="0" eaccelerator.compress_level="9"
[Zend] zend_optimizer.optimization_level=15 zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.10 zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.10 zend_optimizer.version=2.5.10a zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so
Be sure to fix the PATH to Zend and eaccelerator libraries
eaccelerator php.ini tricks