This shows you the differences between two versions of the page.
— | userguide:vsite:vsitephp [2014/07/23 13:24] (current) – created chris@virtbiz.com | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====PHP==== | ||
+ | [[userguide: | ||
+ | |||
+ | PHP related security and resource settings for this virtual site. Allows you to individually adjust the PHP related security and resource settings on a per site basis. | ||
+ | |||
+ | * **Register Globals**: For maximum security you must set register_globals to Off. Otherwise it is easily possible that unsecurely programmed PHP scripts can be used to hack your server. | ||
+ | * **Open Basedir (Server)**: These are the open_basedir settings as defined for the whole server under Server Management / Security / PHP. They are mandatory for every virtual site. In the field below you can specify additional directories that should be added to the open_basedir directive. | ||
+ | * **Open Basedir (Vsite)**: The open_basedir directive limits the file access of PHP scripts to certain directories. The Open Basedir (Server) field above shows you to which directories PHP scripts already have access to on this server. If the PHP scripts of this site need additional access to further directories, | ||
+ | * **Allow URL fopen**: If enabled, allow_url_fopen allows PHPs file functions - such as file_get_contents() and the include and require statements - can retrieve data from remote locations, like an FTP or web site. Programmers frequently forget this and dont do proper input filtering when passing user-provided data to these functions, opening them up to code injection vulnerabilities. A large number of code injection vulnerabilities and hacks reported in PHP-based web applications are caused by the combination of enabling allow_url_fopen and bad input filtering. Off by default. | ||
+ | * **Allow URL include**: | ||
+ | * **Upload Max Filesize**: | ||
+ | * **Post Max Size**: | ||
+ | * **Max execution time**: Maximum amount of time each script may run. | ||
+ | * **Max input time**: Maximum amount of time each script may spend parsing request data. | ||
+ | * **Memory limit**: Defines how much memory a script may use. Settings this to a high value leaves the server vulnerable to attacks that attempt to exhaust resources and creates an environment where poor programming practices can propagate unchecked. | ||
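Review bot: Three entries in the settings list, **Allow URL include**, **Upload Max Filesize** and **Post Max Size**, are added with no description at all, and the **Open Basedir (Vsite)** entry stops mid-sentence after "need additional access to further directories,", so the page never says what those settings do or how a site owner adds a directory. Each should get at least one sentence, as **Max execution time** and **Max input time** have. The link on the second added line, `[[userguide:`, is left unclosed and will not render. In the **Allow URL fopen** entry, "allows PHPs file functions ... can retrieve data" does not parse; suggest "lets PHP's file functions ... retrieve data", and "dont" should be "don't". In **Memory limit**, "Settings this" should be "Setting this", and in **Register Globals**, "unsecurely programmed" reads better as "insecurely written".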