TWiki>
Main Web>NodeRequirements>NodeInstallationGuide>PhpSecuritySettings (2009-12-11, SteveMarple)EditAttach
Main Web>NodeRequirements>NodeInstallationGuide>PhpSecuritySettings (2009-12-11, SteveMarple)EditAttachPHP Security Settings
GAIA should just work fine with most configurations ofphp.ini. However, for the security of your webserver consider making the following settings.
| Setting | Value |
Comments |
|---|---|---|
display_errors |
Off |
Don't send error messages to the HTML output. For a test server you might want this set to On for easier debugging. |
allow_url_fopen |
Off |
Whether to allow the treatment of URLs (like http:// or ftp://) as files. GAIA uses curl to access remote documents and does not require allow_url_fopen to be on. Switch off to secure your webserver. |
log_errors |
On |
Write error messages into a log file. |
Comments invited on the usefulness (or lack of) of the open_basedir setting.
Not very useful unless you are very aware it is set! You can easily get caught out by modules which PHP claims to not find even though they are in the include_path, if the path is not listed in the open_basedir setting. Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2009-12-11 - 14:05:21 - SteveMarple
Main Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Main |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback