PHP insecure by default

Joe Orton jorton at redhat.com
Tue Jun 29 13:23:31 UTC 2004


On Mon, Jun 28, 2004 at 04:07:30PM -0600, Jason Aeschilman wrote:
> Why is PHP insecure by default on FC1?  Is it because it's not for
> production use?  It uses a php.ini that is only suited for development, not
> production use.  I ended up grabbing the "php.ini-recommended" file from the
> official release of PHP-4.3.6 and made a couple Fedora-related changes to it
> (diff helped out here).

The php.ini in Fedora Core 2 is based on php.ini-recommended rather than
the development defaults.  The differences are not really that
significant, and I don't see which changes matter to "security"; can you
explain why you say "insecure by default"?

joe





More information about the fedora-list mailing list