NYCPHP Meetup

[Mark Armendariz]

Also on some servers that use php as um.. Not a module (cgi?), they may
sometimes allow you to have your own php.ini in your directory, so you can
set 'register_globals=0' locally even if the server has them on.  I do the
same for overall error reporting on a site by site basis.

The local .htaccess and php.ini can be real life savers in vhost settings...

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of felix zaslavskiy
Sent: Wednesday, November 12, 2003 3:56 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHundamentals Topic #4: php.ini settings

On Wed, 12 Nov 2003 15:29:48 -0500
Michael Southwell <southwell at dneba.com> wrote:

> Settings in the php.ini file have an important effect on the 
> operation, security and reliability of your application.
> For example, setting register_globals to a value of "on" makes it 
> easier to pass variables from one script to another, but opens serious 
> security vulnerabilities--so best practice is always to set it "off."
> 

Alot of shared hosts set register_globals to off in their php.ini file.  If
one needs to run scrip with register_globals to on then a nice trick exists.
In .htaccess file one  can set  'php_value register_globals 1'

Also I seen programs that dont like magic_quote_gpc to be set to 1 to its
one can also set that value to 0 in .htaccess file.

> What settings do you consider essential?  How should they be set, and why?
> 
> In next month's PHundamentals, we'll discuss how to manage these 
> settings most effectively.
> 
> ====================
> Jeff Siegel and Mike Southwell
> The PHundamentals Team
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 


_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk