PHP insecure by default -- revised

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Mon Jun 28 23:02:44 UTC 2004


On Tue, 29.06.2004 at 0:51, Jason Aeschilman wrote:

> < output_buffering = Off
> > output_buffering = 4096
> 
> < allow_call_time_pass_reference = On
> > allow_call_time_pass_reference = Off
> 
> < error_reporting  =  E_ALL & ~E_NOTICE
> > error_reporting  =  E_ALL
> 
> < display_errors = On
> > display_errors = Off
> 
> < log_errors = Off
> > log_errors = On
> 
> < variables_order = "EGPCS"
> > variables_order = "GPCS"
> 
> < register_argc_argv = On
> > register_argc_argv = Off
> 
> < magic_quotes_gpc = On
> > magic_quotes_gpc = Off
> 
> < extension_dir = /usr/lib/php4
> > extension_dir = "./"
> 
> < sendmail_path = /usr/sbin/sendmail -t -i
> > ;sendmail_path =
> 
> < dbx.colnames_case = "unchanged"
> > dbx.colnames_case = "lowercase"
> 
> < session.save_path = /tmp
> > ;session.save_path = /tmp
> 
> < session.gc_divisor     = 100
> > session.gc_divisor     = 1000
> 
> < session.bug_compat_42 = 1
> > session.bug_compat_42 = 0
> 
> < url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
> > url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
> 
> To make php.ini-recommended work for Fedora, I changed these lines:
> 
> extension_dir = /usr/lib/php4
> sendmail_path = /usr/sbin/sendmail -t -i

> J.A.K.E.

Besides "register_argc_argv" and "magic_quotes_gpc", which settings do
you feel make PHP on Fedora insecure? Both of the named settings are
debatable; I do not take them as that bad a default.

You opened a can with your topic/thread, and I do not see it really
filled.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 00:59:32 up 2 days, 2:46, load average: 0.27, 0.41, 0.36 
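As an added example, not code from the thread or from the PHP project: a small audit script that parses a php.ini file and lists every directive whose active value differs from the php.ini-recommended values Jason quoted. The sample php.ini fragment below is constructed from the quoted php.ini-dist values; the file names, the `audit` and `parse_php_ini` helpers and the handling of a missing directive are this example's own assumptions. PHP accepts several spellings for ini booleans (On/1/True/Yes versus Off/0/False/No), so those are compared as equivalent. Whether each difference is actually a security problem is what the thread debates; the script only reports the divergence.

```python
"""Audit a php.ini against the php.ini-recommended values quoted in the thread.

Added example for this mailing-list page; it is not part of PHP or Fedora.
"""
import re

# php.ini-recommended values, taken from the diff quoted in the thread.
# The two directives Jason re-set for Fedora (extension_dir, sendmail_path)
# and the one it merely comments out (session.save_path) are left out.
RECOMMENDED = {
    "output_buffering": "4096",
    "allow_call_time_pass_reference": "Off",
    "error_reporting": "E_ALL",
    "display_errors": "Off",
    "log_errors": "On",
    "variables_order": "GPCS",
    "register_argc_argv": "Off",
    "magic_quotes_gpc": "Off",
    "dbx.colnames_case": "lowercase",
    "session.gc_divisor": "1000",
    "session.bug_compat_42": "0",
    "url_rewriter.tags": "a=href,area=href,frame=src,input=src,form=fakeentry",
}

# Constructed sample input: the php.ini-dist side of the quoted diff.
SAMPLE_PHP_INI = """\
[PHP]
; constructed fragment using the php.ini-dist values quoted in the thread
output_buffering = Off
allow_call_time_pass_reference = On
error_reporting  =  E_ALL & ~E_NOTICE   ; hide notices
display_errors = On
log_errors = Off
variables_order = "EGPCS"
register_argc_argv = On
magic_quotes_gpc = On
extension_dir = /usr/lib/php4
session.save_path = /tmp
session.gc_divisor     = 100
session.bug_compat_42 = 1
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
"""

_DIRECTIVE = re.compile(r'^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$')

# Spellings PHP treats as boolean true/false in php.ini.
_BOOL = {"1": "on", "on": "on", "true": "on", "yes": "on",
         "0": "off", "off": "off", "false": "off", "no": "off", "": "off"}


def parse_php_ini(text):
    """Return {directive: value} for the active (uncommented) lines.

    Comments start with ';' and may trail a value; section headers like
    [PHP] are skipped; double quotes around a value are stripped so that
    "GPCS" and GPCS compare equal. A later line overrides an earlier one,
    which is how PHP itself reads the file.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        settings[key] = value
    return settings


def normalize(value):
    """Lower-case a value and fold PHP's boolean spellings together."""
    v = value.strip().lower()
    return _BOOL.get(v, v)


def audit(text, recommended=RECOMMENDED):
    """Return (directive, current, recommended) for every divergence.

    A directive absent from the file is reported with current=None: PHP then
    uses its compiled-in default, which is not what the recommended file sets.
    """
    active = parse_php_ini(text)
    findings = []
    for key, rec in recommended.items():
        cur = active.get(key)
        if cur is None or normalize(cur) != normalize(rec):
            findings.append((key, cur, rec))
    return findings


if __name__ == "__main__":
    for key, cur, rec in audit(SAMPLE_PHP_INI):
        shown = "<not set>" if cur is None else cur
        print(f"{key:32} {shown!r:45} -> recommended {rec!r}")
```

Run against a real file with `audit(open("/etc/php.ini").read())`; the sample fragment above reports all twelve quoted directives because it deliberately carries the php.ini-dist values.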
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040629/d58c8053/attachment-0001.sig>

