Optimum PHP.ini setting for security?

0tter

Could anyone recommend what settings in PHP.ini I should set in order to produce a more secure site?

I've set register_globals to off, as I believe this is the most fundamental problem?

I've heard that magic quotes and safe mode are pretty important too, could anyone tell me what these ideally should be set to (sure that safe mode should be on). Also there seems to be numerous flavours of them e.g.

safe_mode
safe_mode_gid

and

magic_quotes_gpc
magic_quotes_runtime
magic_quotes_sybase

What do you do with these, if anything, to make the site more secure and are there any other settings I should be looking at?

Many thanks for all of your help so far.

Cheers

Bill

bpat1434

turn them all off...

As far as I know, the magic_quotes_sybase is only relevant if you're using they sybase DB platform. Using magic_quotes at runtime or gpc (Get, Post, Cookies) is a bad ideas is it can mess with the input.

General rule:
Code to a more general standard, and see if magic_quotes_gpc is on, if so, stripslashes, else, dont' worry about it.

To make it secure, I'd say magic_quotes is better off, but safe-mode has it's good and bad points. What makes PHP insecure is code, not the core program itself.

Code to a strict security standard, and you should be fine.

0tter

Thanks for that advice, I'm just trying to get the fundamentals right before I zip up the security in the code. Not too sure where to start in that but from a previous thread I now have some ideas.

Although my coding has come on leaps and bounds, I'm still left cold when I hear a suggestion on what should be done. I actually bought a book on PHP security and I really cannot fathom it. A simple recipe of what can go wrong, examples on what bad code is and what to do about it would have been ideal but this really gets too techy for me from the start.

Don't get me wrong I've worked in IT for some 20 years now, it's just I'm a PHP novice and this area of techie has out-techied me.

Thanks for the advice though, that's just what I needed.

Cheers

Bill