Differences

This shows you the differences between two versions of the page.

--- php [2007/01/24 22:15]
a +PHP Security Guide
+++ php [2007/02/13 01:16]
a
@@ Line 1: / Line 1: @@
 ====== PHP tips ======
 ===== Instalation tips =====
@@ Line 19: / Line 20: @@
         php_admin_value open_basedir "/var/www/domain_dir/:/home/"
+FIXME - styling needed
+''
+PHP to secure a setup, a good start is a secure php.ini, for example:
+- disable the Fopen Wrapper, allow_url_fopen = Off
+- use disable_classes and disable_functions like ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc. etc.
+- set register_globals = off
+- set log_errors = on, error_reporting and error_log
+- use open_basedir and include_path
+- use safe_mode if possible''
 === see also: ===