On Mon, Jun 28, 2004 at 04:07:30PM -0600, Jason Aeschilman wrote: > Why is PHP insecure by default on FC1? Is it because it's not for > production use? It uses a php.ini that is only suited for development, not > production use. I ended up grabbing the "php.ini-recommended" file from the > official release of PHP-4.3.6 and made a couple Fedora-related changes to it > (diff helped out here). The php.ini in Fedora Core 2 is based on php.ini-recommended rather than the development defaults. The differences are not really that significant, and I don't see which changes matter to "security"; can you explain why you say "insecure by default"? joe
