荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: cycker (TryToDoEverythingOnLinux), 信区: Linux
标 题: Configure php.ini (4)
发信站: 荔园晨风BBS站 (Sun May 18 11:47:06 2003), 站内信件
This tells the php.ini file to set itself up for this particular
configuration setup with:
engine = On
This directive "engine" is used by sites that would like to turn PHP parsing
on and off on a per-directory or per-virtual server basis. By putting engine
off in the appropriate places in the httpd.conf file, PHP can be enabled or
disabled with the Apache module version of PHP. In most cases, we should keep
the default setting of "On" here or you really don't need to use PHP.
short_open_tag = On
This directive "short_open_tag" is used to inform the PHP software whether the
short form (<? ?>) of PHP's open tag should be allowed or not on the server.
It is important to note that if you want to use PHP in combination with XML
feature, you have to disable this option. If disabled, you must use the long
form of the open tag (<?php ?>). In most case, we can keep the default value
of "On" here. Change to "Off" only if you know what you do and what PHP
external software you use with your web server.
asp_tags = Off
This directive "asp_tags" is used to enables the use of ASP-like <% %> tags in
addition to the usual <?php ?> tags. You should say "On" here only if you use
some ASP like language with PHP on your Unix system. Remember that ASP comes
from Microsoft; therefore use this feature with PHP only if you want to run
some ASP script files that come from Microsoft on Unix.
precision = 14
This directive "precision" is used to define the number of significant digits
displayed in floating point numbers with PHP. The default value of "14" is ok
for most of us and should be changed only if you have some good reason to do
it.
y2k_compliance = Off
This directive "y2k_compliance" is used to enforce year 2000 compliance with
PHP on your web server. It's important to note that changing this feature to
"On" will cause problems with non-compliant browsers. Therefore I recommend
you to keep the default setting of "Off" here.
output_buffering = Off
This directive "output_buffering" is used to enable output buffering for all
files with PHP. This allows PHP to send header lines (including cookies) even
after sending body content, at the price of slowing PHP's output layer a bit.
For performance reason, I recommend you to keep the default setting of "Off"
here. In general, this doesn't pose any problem with external software using
this function because you or the author of the software can enable output
buffering during runtime by calling the output. This is a performance feature.
output_handler =
This directive "output_handler" is used to redirect all of the output of your
scripts to a function. This can be used for example to transparently compress
PHP output before sending it to a browsers that support gzip or deflate
encoding. It's important to note that setting this option to an output
handler will automatically turns "On" the above "output_buffering"
directive. For compatibility reason with available browsers on the Net and
to save CPU loads and resources on your server, I recommend you to keep this
directive with its default empty value. This is a performance feature.
unserialize_callback_func =
This directive "unserialize_callback_func" is used to call a unserialize
callback function defined as the value of this directive. In general,
we can keep the default empty value here. Only developers and advanced users
who know when they should define and use this directive should change the
default setting.
zlib.output_compression = On
This directive "zlib.output_compression" is used to transparently compress PHP
output files using the zlib library of Linux. This can improve performance
and especially time dial-up users should wait before seeing a PHP page. The
default setting for this directive is "Off" and we change it for "On". It's
important to note that the above "output_handler" directive must be empty if
this directive is set to "On" as we do. This is a performance feature.
implicit_flush = Off
This directive "implicit_flush" is used to inform the output layer to flush
itself automatically after every output block. This is useful for debugging
purposes only and should never be used or set to "On" on production server
since it has serious performance implications. This is a performance feature.
allow_call_time_pass_reference = Off
This directive "allow_call_time_pass_reference" is used to enable the ability
to force PHP arguments to be passed by reference instead of by values at
function call time. In future version of PHP, this method will be unsupported
and all PHP arguments will be passed by values at function call time. This
directive lets us choose which method we want to use for our PHP programs
. By default, the setting for this directive is "On" but we are encouraged to
try and turn this option
"Off". This is what we do here but be sure that your scripts work properly
when this option is set to "Off". If you have problem to make your scripts
work when this option is set to "Off", then turn it back to "On".
safe_mode = On
This directive "safe_mode" is one of the most important setting in the
php.ini file and the one that pose most problems for all of us. It has been
made to solve the shared-server security problem that we can see when using
Apache with PHP. When "safe_mode" is set to "On", PHP checks to see if the
owner of the current PHP script matches the owner of the file to be operated
on by a file function. This means that every file related to the function
implemented inside the PHP script file should have the same permission as the
user that run the PHP script file or better, the user who own the PHP script
file should have permission to run the file called by the function.
This is where problems appear when we set the value of this important
directive to "On" because most advanced PHP software and especially those
dealing with SQL databases provide internal PHP function that call external
file on our Linux server and when the "safe_mode" directive is set to "On"
those external PHP software do not have enough permission to access Linux
files on our server because they run with the user permission that run the
script, which is in general a user with less privileges on the server.
To solve this problem and to keep security of PHP as high as possible, we will
play with the "safe_mode" directives by changing the default setting of "Off"
to become "On" and will complete its parameters to make it work with the other
directives directly associated with it as shown below. This is a security
feature.
safe_mode_gid = Off
This directive "safe_mode_gid" is directly related to the above option
(safe_mode). By default, Safe Mode when set to "On", does a UID compare
check when opening files. If you want to relax this to a GID compare, then
we can turn "On" the "safe_mode_gid" directive. Setting it to "On" perform
the relaxed GID checking, setting it to "Off" (the default) performs UID
checking. For optimum security, I recommend to keep the default value of
"Off" here and only change it to "On" if you still have problem to run your
PHP software on the server. This is a security feature.
safe_mode_include_dir = /var/lib/mysql
As we know now, when "safe_mode" is "On" and "safe_mode_gid" is "Off", UID/GID
checks are made (this is what we want). The "safe_mode_include_dir" directive
can be used to bypass this restriction. This is possible by specifying the
path of the directory and/or subdirectory as a value of the directive. In
our example, we define the path where our SQL database directory and
subdirectories reside on our server. In this way UID/GID checks are
bypassed when including files from this directory and its subdirectories
and should make most PHP software workable with "safe_mode" enable on
the web server supporting PHP. This is a security feature.
safe_mode_exec_dir =
When the "safe_mode" directive is set to "On", only executables located
under the "safe_mode_exec_dir" directive line will be allowed to be
executed via the exec family of functions. To complete our security with
"safe_mode", we must list here any directories from where some
executables reside for PHP to allow then to run on the server. In
general and with databases connectivity, there are no executables to
run, therefore, our value here is empty. If you have some special
executables for your PHP software to run, then list here the complete
path to the directory in question. This is a security feature.
;open_basedir =
This directive "open_basedir" is used to limits all file operations to
the defined directory and below when "safe_mode" is set to "On". This
directive makes most sense if used in a per-directory or per-virtualhost
web server configuration file. In our configuration, we don't use it and
this is why its parameter line is commented in our configuration file.
This is a security feature.
safe_mode_allowed_env_vars = PHP_
This directive "safe_mode_allowed_env_vars" is used to define environment
variables whose names begin with the prefixes supplied here. This
directive contains a comma-delimited list of prefixes. In Safe Mode,
the user may only alter environment variables whose names begin
with the prefixes supplied here. With the default setting of this
directive, users will only be able to set environment variables
that begin with PHP_ (e.g. PHP_FOO=BAR). This is a security feature.
safe_mode_protected_env_vars = LD_LIBRARY_PATHa
This directive "safe_mode_protected_env_vars" is used to define list of
environment variables that the end user won't be able to change using
putenv(). These variables will be protected even if the
"safe_mode_allowed_env_vars" directive is set to allow changing
them. The default setting is ok for most of us. This is a security feature.
disable_functions =
This directive "disable_functions" is used to disable individual
functions for security reasons. It's important to note that this
directive is NOT affected by whether Safe Mode is turned On or Off.
If you know about some PHP function that you want to disable, then
list them here. This is a security feature.
expose_php = Off
This directive "expose_php" is used to define whether PHP may expose the
fact that it is installed on the server by adding its signature to the
web server header. The default setting of "On" allow everyone form the
external to determine whether we use PHP on our server or not.
To disable this feature, you should set the value to "Off" (recommended).
This is a security feature.
display_errors = Off
This directive "display_errors" is used to print out PHP errors as a part of
the output. It's strongly encouraged to turn this feature "Off" to avoid
revealing security information to end users, such as file paths on your
web server, your database schema or other information.
This is a security feature.
log_errors = On
This directive "log_errors" complements the above one. Any errors that occur
during the execution of your script will be logged to your server's error
log file. Along with setting the "display_errors" directive to "Off", this
setup gives you the ability to fully understand what may have gone
wrong, without exposing any sensitive information to remote users.
This is a security feature.
register_globals = Off
One interesting feature of PHP that can be used to enhance security is
configuring PHP with the "register_globals" directive set to "Off"
. By turning off the ability for any user-submitted variable to be
injected into PHP code, you can reduce the amount of variable poisoning
a potential attacker may inflict. They will have to take the additional
time to forge submissions, and your internal variables are effectively
isolated from user submitted data.
Unfortunately some PHP software still uses this directive and if we
set this option to "Off" as we do here, then something may break.
I recommend you to set it to "Off" and test if your PHP software work with
it. If you see that you have problem to make your application work when
this setting is set to "Off", then change it to "On". This is a security
and performance feature.
register_argc_argv = On
This directive "register_argc_argv" is used to tell PHP whether to declare
the argv&argc variables (that would contain the GET information).
If you don't use these variables, you should turn it "Off" for increased
performance (recommended). Please note that some PHP software still
required these variables to properly work on the server; this is why
we keep the default value of "On" here. This is a performance feature.
magic_quotes_gpc = Off
This directive "magic_quotes_gpc" is used to define the "magic_quotes" state
for GPC (Get/Post/Cookie) operations on the web server. With the latest
release of PHP, input data is no longer escaped with slashes so that it
can be sent into SQL databases without further manipulation.
This is a performance feature.
enable_dl = Off
This directive "enable_dl" is used to define whether or not to enable the
dl() function (dynamic loading of PHP extensions). For security reason, you
should turn dynamic loading "Off" because with dynamic loading set to "On",
it's possible to ignore all the "safe_mode" and "open_basedir" security
restrictions on the server. This is a security feature.
file_uploads = Off
This directive "file_uploads" is used to define whether you want to allow
HTTP file uploads on the server or not. For security reason,
I recommend you to disable this option by saying "Off" here. Remember
what happen on the Internet when this setting was set to "On".
Therefore enable at your own risk. This is a security feature.
;extension = imap.so
;extension = ldap.so
;extension = mysql.so
;extension = pgsql.so
This directive "extension" is used to enable specific applications with
our PHP software. Remember that we have compiled PHP with support for
IMAP, LDAP, MySQL, and PostgreSQL as loadable modules on the system.
Therefore if we want to enable for example support for IMAP, we will
simply need to uncomment its related line into the php.ini configuration
file for PHP to know about it. In this way, we can enable or disable
as we want any compiled in modules as listed above into our PHP
with Apache. By default, I've disabled all available extension into
the configuration file; therefore don't forget to uncomment any
lines you want to enable support for.
[MySQL]
mysql.allow_persistent = Off
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket = /var/lib/mysql/mysql.sock
mysql.default_host =
mysql.default_user =
mysql.default_password =
For PHP scripts, the most expensive bottleneck is normally the CPU.
Twin CPUs are probably more useful than two Gigabytes of RAM.
When, using database connectivity with your PHP software, we were
able to gain some important performance by switching to
non-persistent database connections into the php.ini file. An
alternative solution would have been to increase the MySQL
"max_connections" parameter.
--
Welcome to CYCKER'S LINUX_SOFT FTPD ftp://192.168.36.220
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.36.220]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店