Friday 7 June 2013

PHP’s CONFIGURATION DIRECTIVES - Part 2


The directives are introduced as they appear in the php.ini file. This might be boring, but it's needed, so read it carefully. Have it your way!!!

Note:- The Error Handling and Logging and File Uploads directives are not discussed here, for your comfort. I will introduce them as we go.


SAFE MODE

When you deploy PHP in a multi-user environment, such as that found on an ISP’s shared server, you might want to limit its functionality. As you might imagine, offering all users free rein over all of PHP’s functions could open up the possibility of exploiting or damaging server resources and files. As a safeguard for using PHP on shared servers, PHP can be run in a restricted, or safe, mode. Enabling safe mode will disable quite a few functions and various features deemed to be potentially insecure and thus possibly damaging if they are misused within a local script.

Due to confusion caused by the name and approach of this particular feature, coupled with the unintended consequences brought about by multiple user IDs playing a part in creating and owning various files, PHP’s safe mode feature has been deprecated as of PHP 5.3.0. I strongly recommend that you avoid using this feature, and hence I will not discuss it. Trust me, it is for your own benefit.

SYNTAX HIGHLIGHTING

PHP can display and highlight source code. You can enable this feature either by assigning the PHP script the extension .phps (this is the default extension and can be modified) or via the show_source() or highlight_file() function. To use the .phps extension, you need to add the following line to httpd.conf:

AddType application/x-httpd-php-source .phps

You can control the color of strings, comments, keywords, the background, default text, and HTML components of the highlighted source through the following six directives. Each can be assigned an RGB, hexadecimal, or keyword representation of each color. For example, black can be represented as rgb(0,0,0), #000000, or black, respectively.

highlight.string = string
Scope: PHP_INI_ALL; Default value: #DD0000

highlight.comment = string
Scope: PHP_INI_ALL; Default value: #FF9900

highlight.keyword = string
Scope: PHP_INI_ALL; Default value: #007700

highlight.bg = string
Scope: PHP_INI_ALL; Default value: #FFFFFF

highlight.default = string
Scope: PHP_INI_ALL; Default value: #0000BB

highlight.html = string
Scope: PHP_INI_ALL; Default value: #000000

MISCELLANEOUS

expose_php = On | Off
Scope: PHP_INI_SYSTEM; Default value: On

The more information about your server is exposed, the greater its chances of being attacked. One simple way to obtain key information about server characteristics is via the server signature. For example, Apache will broadcast the following information within each response header by default:

Apache/2.2.0 (Unix) PHP/5.3.0 PHP/5.3.0-dev Server at www.example.com Port 80

Disabling expose_php prevents the web server signature (if enabled) from broadcasting the fact that PHP is installed. Although you need to take other steps to ensure sufficient server protection, obscuring server properties such as this one is nonetheless heartily recommended.

Note: You can disable Apache’s broadcast of its server signature by setting ServerSignature to Off in the httpd.conf file.


RESOURCE LIMITS

This section covers PHP’s resource management capabilities. Three particular areas where over-consumption is prevalent are script execution time, script input processing time, and memory. Each can be controlled via the following three directives.

max_execution_time = integer
Scope: PHP_INI_ALL; Default value: 30

The max_execution_time parameter places an upper limit on the amount of time, in seconds, that a PHP script can execute. Setting this parameter to 0 disables any maximum limit. Note that any time consumed by an external program executed by PHP commands, such as exec() and system(), does not count toward this limit.

max_input_time = integer
Scope: PHP_INI_ALL; Default value: 60

The max_input_time parameter places a limit on the amount of time, in seconds, that a PHP script devotes to parsing request data. This parameter is particularly important when you upload large files using PHP’s file upload feature.

memory_limit = integerM
Scope: PHP_INI_ALL; Default value: 128M

The memory_limit parameter determines the maximum amount of memory, in megabytes, that can be allocated to a PHP script.

PATH DIRECTORIES

The directives in this category determine PHP’s default path settings.

include_path = string
Scope: PHP_INI_ALL; Default value: NULL

The path to which this parameter is set serves as the base path used by functions such as include(), require(), and fopen_with_path(). You can specify multiple directories by separating each with a semicolon, as shown in the following example:

include_path=".:/usr/local/include/php;/home/php"

By default, this parameter is set to the path defined by the environment variable PHP_INCLUDE_PATH.

Note:- On Windows, backward slashes are used in lieu of forward slashes, and the drive letter prefaces the path:

include_path=".;C:\php\includes"

doc_root = string
Scope: PHP_INI_SYSTEM; Default value: NULL

This parameter determines the default directory from which all PHP scripts will be served. This parameter is used only if it is not empty.

user_dir = string
Scope: PHP_INI_SYSTEM; Default value: NULL

The user_dir directive specifies the absolute directory PHP uses when opening files using the /~username convention. For example, when user_dir is set to /home/users and a user attempts to open the file ~/gilmore/collections/books.txt, PHP knows that the absolute path is /home/users/gilmore/collections/books.txt.

extension_dir = string
Scope: PHP_INI_SYSTEM; Default value: ./ (on Windows, the default is ext)

The extension_dir directive tells PHP where its loadable extensions (modules) are located. By default, this is set to ./, which means that the loadable extensions are located in the same directory as the executing script.
In the Windows environment, if extension_dir is not set, it will default to C:\PHP-INSTALLATION-DIRECTORY\ext\.

enable_dl = On | Off
Scope: PHP_INI_SYSTEM; Default value: Off

The enable_dl directive allows a user to load a PHP extension at run time, i.e., during a script’s execution.


FOPEN WRAPPERS

The directives mentioned in this category are used to access and manipulate remote files.

allow_url_fopen = On | Off
Scope: PHP_INI_ALL; Default value: On

Enabling allow_url_fopen allows PHP to treat remote files almost as if they were local. When enabled, a PHP script can access and modify files residing on remote servers, if the files have the correct permissions.

from = string
Scope: PHP_INI_ALL; Default value: NULL

The title of the from directive is perhaps misleading in that it actually determines the password, rather than the identity, of the anonymous user used to perform FTP connections. Therefore, if from is set like this

from = "jason@example.com"

the username anonymous and password jason@example.com will be passed to the server when authentication is requested.

user_agent = string
Scope: PHP_INI_ALL; Default value: NULL

PHP always sends a content header along with its processed output, including a user agent attribute. This directive determines the value of that attribute.

default_socket_timeout = integer
Scope: PHP_INI_ALL; Default value: 60

This directive determines the time-out value of a socket-based stream, in seconds.

auto_detect_line_endings = On | Off
Scope: PHP_INI_ALL; Default value: Off

One never-ending source of developer frustration is derived from the end-of-line (EOL) character because of the varying syntax employed by different operating systems. Enabling auto_detect_line_endings determines whether the data read by fgets() and file() uses Macintosh, MS-DOS, or Linux file conventions.


DYNAMIC EXTENSION

extension = string
Scope: PHP_INI_ALL; Default value: NULL

The extension directive is used to dynamically load a particular module. On the Win32 operating system, a module might be loaded like this:

extension = php_bz2.dll

On Unix, it would be loaded like this:

extension = php_bz2.so

Keep in mind that on either operating system, simply uncommenting or adding this line doesn’t necessarily enable the relevant extension. You’ll also need to ensure that the appropriate software is installed on the operating system.
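
An added example (not part of the original post): a PHP script that checks a php.ini fragment against the security-relevant directives covered above (expose_php, enable_dl, allow_url_fopen, max_execution_time, memory_limit). The function names, the finding texts, the 256M ceiling and the sample fragment are assumptions made for illustration; directives missing from the input fall back to the defaults this page lists.

```php
<?php
// Added example: audit of directives covered on this page. Finding texts and
// the 256M ceiling are assumptions chosen for illustration.

// Defaults as listed on this page, used when a directive is absent.
const PAGE_DEFAULTS = [
    'expose_php' => 'On', 'enable_dl' => 'Off', 'allow_url_fopen' => 'On',
    'max_execution_time' => '30', 'memory_limit' => '128M',
];

// Interpret On/Off style values the way php.ini does.
function ini_flag(string $v): bool
{
    return in_array(strtolower(trim($v)), ['1', 'on', 'yes', 'true'], true);
}

// Convert shorthand such as "128M" to bytes; a negative value means no limit.
function ini_bytes(string $v): int
{
    $n = (int) $v;
    $shift = ['K' => 10, 'M' => 20, 'G' => 30][strtoupper(substr(trim($v), -1))] ?? 0;
    return $n < 0 ? -1 : $n << $shift;
}

// Return one finding per directive whose value weakens the server's posture.
function audit_php_settings(array $s, int $memCeiling = 256 << 20): array
{
    $s += PAGE_DEFAULTS;
    $f = [];
    if (ini_flag($s['expose_php'])) {
        $f[] = 'expose_php is On: responses advertise that PHP is installed';
    }
    if (ini_flag($s['enable_dl'])) {
        $f[] = 'enable_dl is On: scripts can load extensions at run time';
    }
    if (ini_flag($s['allow_url_fopen'])) {
        $f[] = 'allow_url_fopen is On: file functions can open remote files';
    }
    if ((int) $s['max_execution_time'] === 0) {
        $f[] = 'max_execution_time is 0: no upper limit on script run time';
    }
    $mem = ini_bytes($s['memory_limit']);
    if ($mem < 0 || $mem > $memCeiling) {
        $f[] = 'memory_limit is unlimited or above the audit ceiling';
    }
    return $f;
}

// Constructed php.ini fragment (not taken from a real server).
$sample = "expose_php = On\nenable_dl = Off\nallow_url_fopen = On\n"
        . "max_execution_time = 0\nmemory_limit = 128M\n";
// INI_SCANNER_RAW keeps On/Off and 128M as the literal strings in the file.
foreach (audit_php_settings(parse_ini_string($sample, false, INI_SCANNER_RAW)) as $finding) {
    echo "[!] $finding\n";
}
```

To audit the running configuration instead of a file, build the input array from ini_get() for each directive name; note that the command-line SAPI sets max_execution_time to 0 by default.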
