I would look here for an idea: http://phpsec.org/projects/guide/

I think you'll find many opinions on the matter. One thing to remember is that once the app goes live, your job doesn't stop there; you'll need to be just as stringent about security and checking logs and errors as you were when you were developing.

On 4/6/06, Dallas Cahker <christmasfruitcake@xxxxxxxxx> wrote:
> I was looking to see if there was a quick checklist of settings for php to
> be disabled/enabled in the ini file to make the application more secure.
> I'm making sure the apps we come out with don't allow sql injections, or form
> injections and so forth, I have just seen some posts about magic quotes and
> so on and so I was curious.
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php