Differences

This shows you the differences between two versions of the page.


php [2006/05/25 12:10]
greebo
php [2009/05/25 00:35]
127.0.0.1 external edit
Line 1: Line 1:
 ====== PHP tips ====== ====== PHP tips ======
 ===== Instalation tips ===== ===== Instalation tips =====
 +
 +
 +FIXME
 +
 +
  
  
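Review bot: the only change in this hunk is a bare FIXME placeholder under "Instalation tips", which gives the reader nothing to act on; either fill in the missing installation steps or leave the placeholder out, and while the section is open, the heading's "Instalation" should read "Installation".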
Line 7: Line 12:
 For a start, put disable_functions = "system, exec" in php.ini.  For a start, put disable_functions = "system, exec" in php.ini. 
  
 +<code>
 +expose_php = Off 
 +display_errors = Off 
 +allow_url_fopen = Off 
  
 +session.use_trans_sid = 0 
 +session.use_only_cookies = 1 
 +
 +#output_buffering = 4096 
 +
 +#per vhost:
 +        php_admin_flag safe_mode On
 +        php_admin_value open_basedir "/var/www/domain_dir/:/home/"
 +        php_admin_value sendmail_from webmaster@example.com
 + 
 + 
 +        php_admin_flag display_errors On
 +        php_admin_value safe_mode_include_dir "/usr/share/php/"
 +#       php_admin_value default_charset "UTF-8"
 +        php_admin_value default_charset "windows-1250"
 +
 +</code>
 +
 +**PHP to secure a setup, a good start is a secure php.ini, for example:**
 +   * disable the Fopen Wrapper, **allow_url_fopen** = Off
 +   * use disable_classes and disable_functions like: - ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc. etc.
 +   * set **register_globals = off**
 +   * set log_errors = on, error_reporting and error_log
 +   * use **open_basedir** and include_path
 +   * use **safe_mode** if possible
 +
 +<code>
 +allow_call_time_pass_reference = Off
 +magic_quotes_gpc = Off
 +register_long_arrays = Off
 +register_argc_argv = Off
 +allow_url_fopen = Off
 expose_php = Off expose_php = Off
-display_errors Off+disable_functions symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog, apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual, phpinfo 
 +</code> 
 + 
 + 
 +=== see also: === 
 +   * **[[http://www.hardened-php.net/suhosin/configuration.html|Suhosin Configuration]]** 
 +   * [[http://www.hardened-php.net/|PHP Hardening-Patch]] 
 +   * [[http://phpsec.org/projects/guide/|PHP Security Guide]] 
 +   * [[http://www.infosecnews.org/pipermail/isn/2007-March/014423.html|[ISN] Secure PHP Configuration]] (local {{014423.html|mirror}}) 
  
-TODO 
  
  
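Review bot: the two disable_functions lists in this hunk contradict each other and the sentence that introduces them. The lead-in says to start with `disable_functions = "system, exec"`, yet the final php.ini block `disable_functions symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,...` omits both `system` and `exec`, while the bullet list repeats `version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open` twice and also disables `ini_get`, `ini_set`, `set_time_limit`, `version_compare` and `phpversion`, which execute nothing and which most applications call. Disabling `escapeshellarg` and `escapeshellcmd` removes the sanitizers instead of the dangerous calls. Suggest one reconciled list (system, exec, shell_exec, passthru, proc_open, popen, dl and the apache_* helpers) with the escapeshell* functions left enabled. Two further points in the first `<code>` block: `php_admin_flag display_errors On` reverses the `display_errors = Off` set a few lines earlier, so that vhost still leaks paths and query text in error output; and the block mixes php.ini directives with Apache `php_admin_*` lines and `#` comments, whereas php.ini comments use `;`. Finally, `safe_mode`, `register_globals`, `magic_quotes_gpc`, `register_long_arrays` and `allow_call_time_pass_reference` were deprecated in PHP 5.3 and removed in 5.4, so these lines should be labelled as legacy settings rather than recommended ones.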
Line 26: Line 75:
 ==== Zend Optimizer ==== ==== Zend Optimizer ====
 === Instalation === === Instalation ===
-Get Zend optimizer from [[http://www.zend.com/products/zend_optimizer]]+Get Zend optimizer from [[http://www.zend.com/products/zend_optimizer]] or [[:zend|here (Local mirrors)]]
  
 **''php.ini''** **''php.ini''**
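Review bot: the added "here (Local mirrors)" link offers Zend Optimizer, a binary extension loaded into every PHP request, from a local copy rather than the vendor page, without saying how that copy is verified. Suggest publishing the vendor's checksum or signature beside the mirror and telling the reader to compare it before enabling the extension in php.ini; the heading typo "Instalation" should also be fixed while this section is edited.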
php.txt · Last modified: 2010/02/20 14:43 by greebo
CC Attribution-Share Alike 4.0 International