PHP tips
Installation tips
Securing PHP code
For a start, put disable_functions = "system, exec" in php.ini.

    expose_php = Off
    display_errors = Off
    allow_url_fopen = Off
    session.use_trans_sid = 0
    session.use_only_cookies = 1
    #output_buffering = 4096

    #per vhost:
    php_admin_flag safe_mode On
    php_admin_value open_basedir "/var/www/domain_dir/:/home/"
    php_admin_value sendmail_from webmaster@example.com
    php_admin_flag display_errors On
    php_admin_value safe_mode_include_dir "/usr/share/php/"
    # php_admin_value default_charset "UTF-8"
    php_admin_value default_charset "windows-1250"
To secure a PHP setup, a good start is a secure php.ini, for example:
- disable the URL fopen wrappers: allow_url_fopen = Off
- use disable_classes and disable_functions, for example: ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, etc.
- set register_globals = off
- set log_errors = on, error_reporting and error_log
- use open_basedir and include_path
- use safe_mode if possible
    allow_call_time_pass_reference = Off
    magic_quotes_gpc = Off
    register_long_arrays = Off
    register_argc_argv = Off
    allow_url_fopen = Off
    expose_php = Off
    disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,phpinfo
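An added example, not part of the original page: a small Python audit that reads a php.ini and reports every directive from the checklist above that is unset or set differently. The names `parse_ini` and `audit` and the sample file are constructed for illustration, and a missing directive is reported rather than assumed to have a safe default.

```python
import re

# Recommended values from the page's list: True = On, False = Off.
EXPECTED = {"expose_php": False, "display_errors": False, "allow_url_fopen": False,
            "register_globals": False, "session.use_trans_sid": False,
            "session.use_only_cookies": True, "log_errors": True}
MUST_DISABLE = {"system", "exec", "shell_exec", "passthru", "proc_open"}
ON = {"1", "on", "yes", "true"}
OFF = {"0", "off", "no", "false", "none", ""}

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        # A quoted value ends at its closing quote, a bare one at an inline ';'.
        m = re.match(r'\s*(?:"([^"]*)"|([^;]*))', raw)
        value = m.group(1) if m.group(1) is not None else m.group(2).strip()
        settings[key.strip()] = value
    return settings

def audit(text):
    """List every directive that is unset or differs from the recommendation."""
    s, findings = parse_ini(text), []
    for key, want in EXPECTED.items():
        if key not in s:
            findings.append(f"{key}: not set explicitly")
        elif s[key].lower() not in (ON if want else OFF):
            findings.append(f"{key}: {s[key]!r}, expected {'On' if want else 'Off'}")
    # disable_functions entries may be separated by commas, spaces or both.
    disabled = set(re.split(r"[,\s]+", s.get("disable_functions", "")))
    missing = sorted(MUST_DISABLE - disabled)
    if missing:
        findings.append("disable_functions: missing " + ", ".join(missing))
    if not s.get("open_basedir"):
        findings.append("open_basedir: not set")
    return findings

# Constructed sample input, not a file from the page.
SAMPLE = """\
expose_php = Off
display_errors = On   ; left over from debugging
allow_url_fopen = Off
session.use_only_cookies = 1
disable_functions = "system, exec"
"""
```

The audit covers php.ini only; per-vhost php_admin_value and php_admin_flag lines in the Apache configuration override it and need to be reviewed separately.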
see also:
- [ISN] Secure PHP Configuration (local mirror)
Speeding it up
Things that will make your PHP code execute a bit faster. Remember that bloated code will still remain bloated code, so try to do as much optimization as possible inside the algorithms you are coding.
Zend Optimizer
Installation
Get Zend Optimizer from http://www.zend.com/products/zend_optimizer or from the local mirrors.
php.ini
    [Zend]
    zend_optimizer.enable_loader=0
    zend_optimizer.disable_licensing=0
    zend_optimizer.licence_path=0
Configuration
php.ini
    [Zend]
    zend_optimizer.optimization_level=15
    zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0
    zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1.0
    zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
    zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so
Fix the paths to the Zend libraries
EAccelerator
Installation
- Download source from http://eaccelerator.net/
- Requirements: apache 1.3, apache 2.0 (prefork), mod_php4/5, autoconf, automake, libtool, m4
    export PHP_PREFIX="/usr"
    $PHP_PREFIX/bin/phpize
    ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
    make
    make install

--without-eaccelerator-use-inode [bug with open_basedir - safe mode]
Eaccelerator with Zend Optimizer
/etc/php/*/php.ini
    [EAccelerator]
    zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so"
    eaccelerator.shm_size="32"
    eaccelerator.cache_dir="/tmp/eaccelerator" ; if you use disk cache - folder MUST exist
    eaccelerator.enable="1"
    eaccelerator.optimizer="1"
    eaccelerator.check_mtime="1"
    eaccelerator.debug="0"
    eaccelerator.filter=""
    eaccelerator.shm_max="0"
    eaccelerator.shm_ttl="0"
    eaccelerator.shm_prune_period="0"
    eaccelerator.shm_only="1" ; doesn't save cache to disk (cache_dir)
    eaccelerator.compress="0"
    eaccelerator.compress_level="9"

    [Zend]
    zend_optimizer.optimization_level=15
    zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.10
    zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.10
    zend_optimizer.version=2.5.10a
    zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
    zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Be sure to fix the paths to the Zend and eAccelerator libraries.
eaccelerator php.ini tricks