That was my thought too, but, when I create new folder - it will
automatically create php.ini inside and there is no point of deleting them.
HOW insecure it is? Because, since you know there is php.ini you can
easy open every of them (http://mydomain.com/gallery/images/php.ini) and
look. Isn't is vulnerable point?
-afan
Daniel Brown wrote:
On Jan 5, 2008 2:35 AM, Afan Pasalic <afan@xxxxxxxx> wrote:
hi,
after my host moved my account from old server (shared hosting) with php
4.4.7, mysql 4.x to new one with php 5.x and mysql 5.x. nice. they did
it fast and without problems.
but then I realized that every folder has it's own php.ini file?!?
I "talked" to them (live chat) about this and they told me "that is how
our system is setup":
"...
afan [20:25]: why is now different then before?
xxxx [20:25]: That is not different. That has always been the case.
You may not have had a php.ini in every folder, but every folder still
needed its own php.ini if you wanted to change the php settings.
afan [20:27]: I don't understand why I should have php.ini in every
folder? it's like having admin area for each folder?
xxxx [20:28]: You don't have to if you don't want to, but that is how
our system is setup, so unless you don't want to change settings for all
of your folders, you'll want to leave those there.
afan [20:29]: ok. in case I want to change something in php.ini, how to
do it on all php.ini files?
xxxx [20:29]: You would change one php.ini file, then visit the link I
provided, and that will show you how to copy that to all folders.
..."
and I got the link with script how to change EVERY php.ini on my account
(with over 10 addon domain).
I still think that's not correct. I need your opinion.
I'm not entirely sure why your host found it necessary to provide
a php.ini file in every directory, but the fact is, it's safe to
delete all of them if you want. They're just there to allow you to
override certain settings (INI_PERDIR settings, for example).
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php