Dallas Cahker wrote:

I was looking to see if there was a quick checklist of settings for PHP to
be disabled/enabled in the ini file to make the application more secure.
I'm making sure the apps we come out with don't allow SQL injections, or form
injections and so forth. I have just seen some posts about magic quotes and
so on, and so I was curious.


Well, generally php comes with a "php.ini-dist" and a "php.ini-recommended";
for tighter security, use the "recommended" version. Examining a diff of the
files could help shed some light, as well.

Of course, some of us could be waiting for the day when they ship with a
"php.ini-ironclad", "php.ini-stealthmode", or "php.ini-anal-retentive-paranoid",
but I'm not sure those are slated, even for PHP6....  ;-)

HTH,

Kevin Kinsey

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
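
The reply above suggests diffing "php.ini-dist" against "php.ini-recommended". A raw diff of those files is dominated by comment changes, so this added example (not part of the original thread) compares only the active directives. The two sample texts are constructed for illustration and are not the contents of the shipped files; `parse_ini` and `diff_settings` are hypothetical helper names.

```python
import sys

# Constructed samples for illustration only; NOT the real shipped files.
DIST_SAMPLE = """\
[PHP]
; constructed sample
display_errors = On
log_errors = Off
magic_quotes_gpc = On
;register_globals = On
memory_limit = 8M   ; trailing comment
"""
RECOMMENDED_SAMPLE = """\
[PHP]
display_errors = Off
log_errors = On
magic_quotes_gpc = Off
memory_limit = 8M
error_reporting  =  E_ALL
"""

def parse_ini(text):
    """Return {directive: value} for active (uncommented) lines only."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and section headers such as [PHP].
        if not line or line.startswith((";", "#", "[")):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if value.startswith('"'):
            # Quoted value: keep what is between the quotes, ';' included.
            end = value.find('"', 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            # Unquoted value: drop any trailing "; comment".
            value = value.split(";", 1)[0].strip()
        settings[name.strip()] = value  # a later duplicate overrides
    return settings

def diff_settings(old, new):
    """Sorted (directive, old_value, new_value); None means not set."""
    names = sorted(set(old) | set(new))
    return [(n, old.get(n), new.get(n)) for n in names if old.get(n) != new.get(n)]

if __name__ == "__main__":
    # Usage: script.py php.ini-dist php.ini-recommended (falls back to samples)
    texts = [open(p).read() for p in sys.argv[1:3]]
    a, b = texts if len(texts) == 2 else (DIST_SAMPLE, RECOMMENDED_SAMPLE)
    for name, old, new in diff_settings(parse_ini(a), parse_ini(b)):
        print(f"{name}: {old!r} -> {new!r}")
```
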
