php [2006/03/04 12:22]
193.77.104.168 created
php [2010/02/20 14:43] (current)
greebo
====== PHP tips ======
===== Installation tips =====

FIXME

===== Securing PHP code =====

For a start, set ''disable_functions = "system,exec"'' in php.ini. The directive takes a comma-separated list of internal function names; it can only be set in php.ini (not in httpd.conf or .htaccess), it cannot be undone at runtime with ini_set(), and it only covers built-in functions, not functions defined by the application.

<code>
expose_php = Off             ; drop the X-Powered-By header
display_errors = Off         ; never show errors to clients; log them instead
log_errors = On
allow_url_fopen = Off        ; no http:// or ftp:// targets for fopen() and friends
allow_url_include = Off      ; no URL targets for include()/require(); this is the remote file inclusion switch

session.use_trans_sid = 0    ; never rewrite the session id into URLs
session.use_only_cookies = 1 ; ignore session ids passed in the query string

;output_buffering = 4096
</code>

The per-vhost directives below belong in the Apache virtual host configuration, not in php.ini:

<code>
        php_admin_flag safe_mode On
        php_admin_value open_basedir "/var/www/domain_dir/:/home/"
        php_admin_value sendmail_from webmaster@example.com

        # development vhosts only; production vhosts keep the global display_errors Off
        php_admin_flag display_errors On
        php_admin_value safe_mode_include_dir "/usr/share/php/"
#       php_admin_value default_charset "UTF-8"
        php_admin_value default_charset "windows-1250"
</code>

''safe_mode'' and ''safe_mode_include_dir'' were deprecated in PHP 5.3 and removed in 5.4, so ''open_basedir'' is the restriction that remains. End each ''open_basedir'' entry with a slash so it names a directory rather than a prefix, and leave ''/home/'' out of the list unless the vhost really has to read other users' directories. ''sendmail_from'' only affects mail() on Windows. Note that in php.ini the comment character is '';''; the ''#'' style was deprecated in 5.3 and is rejected by PHP 7.

**To secure a PHP setup, a good start is a secure php.ini, for example:**
   * disable the URL fopen wrapper, **allow_url_fopen** = Off, and keep **allow_url_include** = Off (the latter is what actually stops include()/require() of remote files)
   * use disable_classes and disable_functions, e.g.: ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, popen, proc_open, etc. A list this broad breaks most applications (ini_set, set_time_limit and version_compare are used by nearly every framework), so start with the command-execution functions and extend the list only after testing.
   * set **register_globals = off** (the directive was removed altogether in PHP 5.4)
   * set log_errors = on and configure error_reporting and error_log
   * use **open_basedir** and include_path
   * use **safe_mode** if possible (deprecated in PHP 5.3, removed in 5.4; do not rely on it)

<code>
; PHP 5.3 and earlier only; these three directives were removed in PHP 5.4
allow_call_time_pass_reference = Off
magic_quotes_gpc = Off
register_long_arrays = Off

register_argc_argv = Off
allow_url_fopen = Off
allow_url_include = Off
expose_php = Off
; command execution and process control first, then Apache-specific and informational functions
disable_functions = system,exec,shell_exec,passthru,popen,proc_open,proc_close,pcntl_exec,dl,symlink,openlog,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,phpinfo
</code>

Do not put ''escapeshellarg'' and ''escapeshellcmd'' in this list: they are the helpers that well-written code uses to call a shell safely, and disabling them blocks nothing. If ''system'', ''exec'' and ''popen'' stay enabled, any script can run commands regardless of what else is disabled.

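The two php.ini fragments above can be checked mechanically. The following Python script is an added example, not code from the original page: it parses a php.ini-style text (handling '';'' comments, double-quoted values and the old ''#'' comment style) and reports where the settings deviate from the baseline described here. The directive names are real php.ini directives; the baseline values, the set of functions required in ''disable_functions'', and the two sample configurations are constructed for this example.

```python
"""php.ini hardening audit: added example, not code from the original page.
Directive names are real; the baseline, required set and samples are constructed."""
# directive -> value a hardened php.ini should carry (True = On, False = Off)
BOOL_BASELINE = {
    "expose_php": False, "display_errors": False, "log_errors": True,
    "allow_url_fopen": False, "allow_url_include": False,  # URL include() switch
    "register_globals": False,
    "session.use_trans_sid": False, "session.use_only_cookies": True,
}
# functions that run OS commands or processes; all belong in disable_functions
REQUIRED_DISABLED = {"system", "exec", "shell_exec", "passthru",
                     "popen", "proc_open", "pcntl_exec"}
# escaping helpers: disabling them blocks nothing and breaks careful code
ESCAPE_HELPERS = {"escapeshellarg", "escapeshellcmd"}
TRUE_WORDS = {"1", "on", "true", "yes"}
FALSE_WORDS = {"0", "off", "false", "no", "none", ""}


def to_bool(value):
    """Map the spellings PHP accepts for ini booleans to True/False, else None."""
    v = value.strip().lower()
    return True if v in TRUE_WORDS else False if v in FALSE_WORDS else None


def ini_value(raw):
    raw = raw.strip()
    if raw.startswith('"'):                   # quoted: a ';' inside the quotes is data
        end = raw.find('"', 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw.split(";", 1)[0].strip()       # unquoted: ';' starts a comment


def parse_ini(text):
    """Return ({directive: value}, [syntax findings]) for php.ini-style text."""
    settings, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("#"):        # tolerated by PHP 5.x, rejected by PHP 7+
            findings.append(f"line {lineno}: '#' comment is not valid in PHP 7+, use ';'")
            continue
        if line.startswith("[") and line.endswith("]"):
            continue                    # [Section] headers carry no settings
        key, _, value = line.partition("=")
        settings[key.strip()] = ini_value(value)
    return settings, findings


def audit(text):
    """Return human-readable findings; an empty list means the baseline is met."""
    settings, findings = parse_ini(text)
    for directive, wanted in BOOL_BASELINE.items():
        if directive not in settings:
            findings.append(f"{directive}: not set, PHP default applies")
            continue
        actual = to_bool(settings[directive])
        if actual is None:
            findings.append(f"{directive}: unrecognised value {settings[directive]!r}")
        elif actual != wanted:
            findings.append(f"{directive}: is {'On' if actual else 'Off'}, want {'On' if wanted else 'Off'}")
    disabled = {f.strip() for f in settings.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions: still allows " + ", ".join(missing))
    helpers = sorted(ESCAPE_HELPERS & disabled)
    if helpers:
        findings.append("disable_functions: " + ", ".join(helpers) + " are escaping helpers, disabling them blocks nothing")
    return findings


# constructed sample: '#' comment, errors shown, helpers disabled but system/exec/popen enabled
WEAK_INI = """\
#output_buffering = 4096
expose_php = Off
display_errors = On
log_errors = On
allow_url_fopen = Off
register_globals = off
session.use_trans_sid = 0
session.use_only_cookies = 1
disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog,phpinfo
"""

# constructed sample that meets the baseline
HARDENED_INI = """\
expose_php = Off
display_errors = Off
log_errors = On
error_prepend_string = "<b>err;</b>"  ; a ';' inside quotes is part of the value
allow_url_fopen = Off
allow_url_include = Off
register_globals = Off
session.use_trans_sid = 0
session.use_only_cookies = 1
disable_functions = system,exec,shell_exec,passthru,popen,proc_open,proc_close,pcntl_exec,dl,symlink,phpinfo
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(text) or "no findings")
```

Run it against a real ''php.ini'' by reading the file into ''audit()''. The parser deliberately does not expand ''${ENV}'' references or ''[PATH=...]''/''[HOST=...]'' sections, so per-path overrides in a CGI/FastCGI setup have to be checked separately.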
=== see also: ===
   * **[[http://www.hardened-php.net/suhosin/configuration.html|Suhosin Configuration]]**
   * [[http://www.hardened-php.net/|PHP Hardening-Patch]]
   * [[http://phpsec.org/projects/guide/|PHP Security Guide]]
   * [[http://www.infosecnews.org/pipermail/isn/2007-March/014423.html|[ISN] Secure PHP Configuration]] (local {{014423.html|mirror}})

===== Speeding it up =====
Things that will make your PHP code execute a bit faster. ''Remember that bloated code will still be bloated code!'' So do as much optimisation as possible inside the algorithms you are writing.

   * See [[http://phplens.com/lens/php-book/optimizing-debugging-php.php|A HOWTO on Optimizing PHP]]
   * See [[http://www.zend.com/zend/trick/trick-optimizing-php.php|Optimizing PHP Scripts]]
   * See [[http://talks.php.net/show/acc_php/0|Accelerating PHP Applications (International PHP Conference 2004 - Ilia Alshanetsky)]]
   * See [[http://www.phpbuilder.com/columns/weerning20021209.php3|Golden Rules for Optimizing Your Pages]]
   * See [[http://www.dynamicwebpages.de/count/1540/tutorials/quebeck-conf-slides_performance-workshop_%5Bpdf%5D/|Quebeck-Conf-Slides: Performance-Workshop (PDF)]]
   * See [[http://www.dynamicwebpages.de/count/1748/tutorials/zend_php_expo_slides_building_scalable_php_applications_%5Bpdf%5D/|Zend/PHP Expo Slides: Building Scalable PHP Applications (PDF)]]

==== Zend Optimizer ====
=== Installation ===
Get Zend Optimizer from [[http://www.zend.com/products/zend_optimizer]] or [[:zend|here (local mirrors)]]

**''php.ini''**
  [Zend]
  zend_optimizer.enable_loader=0
  zend_optimizer.disable_licensing=0
  zend_optimizer.licence_path=0
=== Configuration ===
**''php.ini''**
  [Zend]
  zend_optimizer.optimization_level=15
  zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.1.0
  zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.1.0
  zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
  zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

''Fix the paths to the Zend libraries.'' Zend Optimizer only supports PHP up to 5.2; Zend Guard Loader replaced it for 5.3, and from PHP 5.5 on the bundled OPcache covers the opcode-caching role.

==== eAccelerator ====
=== Installation ===
  * Download the source from [[http://eaccelerator.net/]]
  * Requirements: Apache 1.3 or Apache 2.0 (prefork MPM), mod_php4/5, autoconf, automake, libtool, m4

  export PHP_PREFIX="/usr"
  $PHP_PREFIX/bin/phpize
  ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
  make
  make install

Add ''--without-eaccelerator-use-inode'' to the configure line if you hit the bug with open_basedir and safe_mode.

  * See [[http://eaccelerator.net/SourceInstallationUk|Installation from source]]

=== eAccelerator with Zend Optimizer ===
**''/etc/php/*/php.ini''**
  [EAccelerator]
  zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20020429/eaccelerator.so"
  eaccelerator.shm_size="32"                  ; MB of shared memory for the opcode cache
  eaccelerator.cache_dir="/tmp/eaccelerator"  ; if you use the disk cache the directory MUST exist
  eaccelerator.enable="1"
  eaccelerator.optimizer="1"
  eaccelerator.check_mtime="1"                ; recompile when the source file changes
  eaccelerator.debug="0"
  eaccelerator.filter=""
  eaccelerator.shm_max="0"
  eaccelerator.shm_ttl="0"
  eaccelerator.shm_prune_period="0"
  eaccelerator.shm_only="1"                   ; keep the cache in shared memory only, never in cache_dir
  eaccelerator.compress="0"
  eaccelerator.compress_level="9"

  [Zend]
  zend_optimizer.optimization_level=15
  zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.10
  zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.10
  zend_optimizer.version=2.5.10a
  zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
  zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

**Be sure to fix the paths to the Zend and eAccelerator libraries.** The ''no-debug-non-zts-...'' directory name depends on the PHP version; ''php-config --extension-dir'' prints the right one. PHP loads only the ''zend_extension'' variant that matches its build (''zend_extension_ts'' for thread-safe builds), and the ''_ts'' directives were removed in PHP 5.3. With ''shm_only=1'' the disk cache is not used; if you do enable it, make ''cache_dir'' a dedicated directory writable only by the web server user rather than a shared ''/tmp'' path, because whatever is stored there is loaded as compiled code. eAccelerator itself is unmaintained; on PHP 5.5 and later use the bundled OPcache instead.

eaccelerator
php.ini tricks

[[Zend]]
php.1141471364.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International