Differences

This shows you the differences between two versions of the page.

php [2009/01/05 19:17]
a Suhosin Configuration
php [2010/02/20 14:43] (current)
greebo
Line 3: Line 3:
  
  
- +FIXME
- +
- +
  
  
Line 15: Line 12:
 For a start, put disable_functions = "system, exec" in php.ini.  For a start, put disable_functions = "system, exec" in php.ini. 
  
 +<code>
 +expose_php = Off 
 +display_errors = Off 
 +allow_url_fopen = Off 
  
-expose_php = Off \\ +session.use_trans_sid = 0  
-display_errors = Off \\ +session.use_only_cookies = 1 
-allow_url_fopen = Off \\ +
- +
-session.use_trans_sid = 0 \\ +
-session.use_only_cookies = 1 \\+
  
-#output_buffering = 4096 \\+#output_buffering = 4096 
  
 #per vhost: #per vhost:
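Review bot: the new <code> block uses `#` as the comment character (`#output_buffering = 4096`, `#per vhost:`), but php.ini comments use `;`; `#` comments are deprecated as of PHP 5.3 and trigger a deprecation warning, so change these to `;output_buffering = 4096` and `;per vhost:`. The `per vhost` section that follows is Apache configuration (`php_admin_value` directives) rather than php.ini content, so it would be clearer to close the php.ini block before it and present the vhost lines in a separate block labelled as httpd.conf / vhost configuration.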
Line 36: Line 33:
         php_admin_value default_charset "windows-1250"         php_admin_value default_charset "windows-1250"
  
 +</code>
  
 +**PHP to secure a setup, a good start is a secure php.ini, for example:**
 +   * disable the Fopen Wrapper, **allow_url_fopen** = Off
 +   * use disable_classes and disable_functions like: - ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc. etc.
 +   * set **register_globals = off**
 +   * set log_errors = on, error_reporting and error_log
 +   * use **open_basedir** and include_path
 +   * use **safe_mode** if possible
  
-FIXME - styling needed+<code> 
 +allow_call_time_pass_reference = Off 
 +magic_quotes_gpc = Off 
 +register_long_arrays = Off 
 +register_argc_argv = Off 
 +allow_url_fopen = Off 
 +expose_php = Off 
 +disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog, apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual, phpinfo 
 +</code>
  
-**PHP to secure a setup, a good start is a secure php.ini, for example:** 
-   * disable the Fopen Wrapper, allow_url_fopen = Off 
-   * use disable_classes and disable_functions like  
-ini_alter, ini_get_all, ini_get, ini_restore, ini_set, php_get_tmpdir, php_ini_scanned_files, php_logo_guid, php_uname, phpcredits, phpinfo, phpversion, putenv, restore_include_path, set_include_path, set_time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open, time_limit, version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec, proc_open etc. etc. 
- 
-   * set register_globals = off 
-   * set log_errors = on, error_reporting and error_log 
-   * use open_basedir and include_path 
-   * use safe_mode if possible 
  
 === see also: === === see also: ===
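Review bot: the `disable_functions` line in the `<code>` block omits `exec` and `system`, which the page's own opening advice disables; a later `disable_functions` assignment in php.ini replaces an earlier one rather than extending it, so the two lists should be merged into a single line. The same line disables `escapeshellarg` and `escapeshellcmd`, which are the escaping helpers applications rely on to build shell commands safely; with `exec` and `system` still enabled, removing them weakens rather than hardens the setup, so keep those two out of the list. The bullet list's example function list repeats itself (version_compare, zend_logo_guid, zend_version, show_source, system, shell_exec, passthru, exec and proc_open each appear twice) and includes `time_limit`, which is not a PHP function (`set_time_limit` is already listed); deduplicate it. The bullets `set register_globals = off` and `use safe_mode if possible` should note that both directives are deprecated in PHP 5.3 and removed in 5.4, so on newer versions readers should rely on `open_basedir` and `disable_functions` instead.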
Line 100: Line 104:
   make   make
   make install   make install
 +
 +--without-eaccelerator-use-inode [bug with open_basedir - safe mode]
  
   * See [[http://eaccelerator.net/SourceInstallationUk|Instalation from source]]   * See [[http://eaccelerator.net/SourceInstallationUk|Instalation from source]]
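Review bot: `--without-eaccelerator-use-inode` is a configure option, but the hunk places it after `make install`, where a reader following the steps in order would never apply it; it belongs on the configure invocation that precedes `make`. The bracketed note `[bug with open_basedir - safe mode]` should also say what the problem is (which directive is affected and how it manifests) so readers can tell whether the option applies to their setup.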
php.1231179477.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International