PHP tips

Instalation tips

FIXME

Securing PHP code

For a start, put disable_functions = “system, exec” in php.ini.

expose_php = Off 
display_errors = Off 
allow_url_fopen = Off 

session.use_trans_sid = 0 
session.use_only_cookies = 1 

#output_buffering = 4096 

#per vhost:
        php_admin_flag safe_mode On
        php_admin_value open_basedir "/var/www/domain_dir/:/home/"
        php_admin_value sendmail_from webmaster@example.com
 
 
        php_admin_flag display_errors On
        php_admin_value safe_mode_include_dir "/usr/share/php/"
#       php_admin_value default_charset "UTF-8"
        php_admin_value default_charset "windows-1250"

PHP to secure a setup, a good start is a secure php.ini, for example:

  • disable the Fopen Wrapper, allow_url_fopen = Off
  • use disable_classes and disable_functions like: - ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc. etc.
  • set register_globals = off
  • set log_errors = on, error_reporting and error_log
  • use open_basedir and include_path
  • use safe_mode if possible
allow_call_time_pass_reference = Off
magic_quotes_gpc = Off
register_long_arrays = Off
register_argc_argv = Off
allow_url_fopen = Off
expose_php = Off
disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog, apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual, phpinfo

see also:

Speeding it up

Things that will make your PHP code execute a bit faster .. remember that blowt code will still remain blowt code!, so try to do as much optimization as posible inside algorthyms you are coding.

Zend Optimizer

Instalation

Get Zend optimizer from http://www.zend.com/products/zend_optimizer or here (Local mirrors)

php.ini

[Zend]
zend_optimizer.enable_loader=0
zend_optimizer.disable_licensing=0
zend_optimizer.licence_path=0

Configuration

php.ini

[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1.0
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Fix the paths to the Zend libraries

EAccelerator

Instalation

  • Download source from http://eaccelerator.net/
  • Requirements: apache 1.3, apache 2.0 (prefork), mod_php4/5, autoconf, automake, libtool, m4
export PHP_PREFIX="/usr"
$PHP_PREFIX/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
make
make install

–without-eaccelerator-use-inode [bug with open_basedir - safe mode]

Eaccelerator with Zend Optimizer

/etc/php/*/php.ini

[EAccelerator]
zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/tmp/eaccelerator"   ; if you use disk cache - folder MUST exist
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="1"                   ; doesn't save cache to disk (cache_dir)
eaccelerator.compress="0"
eaccelerator.compress_level="9"
[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.10
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.10
zend_optimizer.version=2.5.10a
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Be sure to fix the PATH to Zend and eaccelerator libraries

eaccelerator php.ini tricks

Zend

php.txt · Last modified: 2010/02/20 14:43 by greebo
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready