Re: PHP insecure by default -- revised

On Tue, 29.06.2004 at 0:51, Jason Aeschilman wrote:

> < output_buffering = Off
> > output_buffering = 4096
> 
> < allow_call_time_pass_reference = On
> > allow_call_time_pass_reference = Off
> 
> < error_reporting  =  E_ALL & ~E_NOTICE
> > error_reporting  =  E_ALL
> 
> < display_errors = On
> > display_errors = Off
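
Review bot: display_errors = On on the "<" side sends PHP error text (file paths, fragments of failing queries) to the browser, which makes it the one setting in this list that discloses internals to any visitor. Keep the ">" value of Off on anything reachable from the network, and only together with log_errors = On, otherwise errors are neither shown nor recorded.
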
> 
> < log_errors = Off
> > log_errors = On
> 
> < variables_order = "EGPCS"
> > variables_order = "GPCS"
> 
> < register_argc_argv = On
> > register_argc_argv = Off
> 
> < magic_quotes_gpc = On
> > magic_quotes_gpc = Off
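
Review bot: switching magic_quotes_gpc to Off on the ">" side removes the automatic backslash-escaping of GET, POST and cookie data, so any application on the host that relied on it instead of escaping at the database call loses that protection. Audit the deployed code for its own escaping before taking the ">" value; in either state the setting is not a substitute for escaping at the query.
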
> 
> < extension_dir = /usr/lib/php4
> > extension_dir = "./"
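
Review bot: the ">" value extension_dir = "./" is a relative path, so where PHP looks for loadable modules depends on the working directory of the process. Keep the absolute /usr/lib/php4 from the "<" side, as the poster does further down, and make sure that directory is writable only by root.
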
> 
> < sendmail_path = /usr/sbin/sendmail -t -i
> > ;sendmail_path =
> 
> < dbx.colnames_case = "unchanged"
> > dbx.colnames_case = "lowercase"
> 
> < session.save_path = /tmp
> > ;session.save_path = /tmp
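
Review bot: the "<" side of the session.save_path hunk keeps session files in the shared /tmp, and the ">" side only comments the line out rather than naming a dedicated directory. On a host with other local users or several sites, point it at a directory owned by the web server account and not readable by others.
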
> 
> < session.gc_divisor     = 100
> > session.gc_divisor     = 1000
> 
> < session.bug_compat_42 = 1
> > session.bug_compat_42 = 0
> 
> < url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
> > url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
> 
> To make php.ini-recommended work for Fedora, I changed these lines:
> 
> extension_dir = /usr/lib/php4
> sendmail_path = /usr/sbin/sendmail -t -i

> J.A.K.E.

Besides "register_argc_argv" and "magic_quotes_gpc", which settings do
you feel make PHP on Fedora insecure? The two named settings are open to
discussion; I do not consider them such bad defaults.

You opened a can with your topic/thread and I do not see it really
filled.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 00:59:32 up 2 days, 2:46, load average: 0.27, 0.41, 0.36 

Attachment: signature.asc
Description: This is a digitally signed message part

