PhpSecuritySettings < Main

Main Web>NodeRequirements>NodeInstallationGuide>PhpSecuritySettings (2009-12-11, SteveMarple) (raw view)EditAttach

---+ PHP Security Settings

GAIA should just work fine with most configurations of =php.ini=. However, for the security of your webserver consider making the following settings.

| *Setting* | *Value* | *Comments* |
| =display_errors= | =Off= | Don't send error messages to the HTML output. For a test server you might want this set to =On= for easier debugging. |
| =log_errors= | =On= | Write error messages into a log file. |
| =allow_url_fopen= | =Off= | Whether to allow the treatment of URLs (like =http://= or =ftp://=) as files. GAIA uses =curl= to access remote documents and does not require =allow_url_fopen= to be on. Switch off to secure your webserver. |

%ICON{wip}% Comments invited on the usefulness (or lack of) of the =open_basedir= setting.

%ICON{bubble}% Not very useful unless you are *very* aware it is set! You can easily get caught out by modules which PHP claims to not find even though they are in the =include_path=, if the path is not listed in the =open_basedir= setting.

Topic revision: r2 - 2009-12-11 - 14:05:21 - SteveMarple

Main

Webs
Main
Sandbox
TWiki

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback