[csw-devel] SF.net SVN: gar:[4846] csw/mgar/pkg/php4/trunk/files/php.ini.CSW
valholla at users.sourceforge.net
valholla at users.sourceforge.net
Thu May 14 19:11:32 CEST 2009
Revision: 4846
http://gar.svn.sourceforge.net/gar/?rev=4846&view=rev
Author: valholla
Date: 2009-05-14 17:11:32 +0000 (Thu, 14 May 2009)
Log Message:
-----------
CSWize php.ini-recommended
Modified Paths:
--------------
csw/mgar/pkg/php4/trunk/files/php.ini.CSW
Modified: csw/mgar/pkg/php4/trunk/files/php.ini.CSW
===================================================================
--- csw/mgar/pkg/php4/trunk/files/php.ini.CSW 2009-05-14 16:57:30 UTC (rev 4845)
+++ csw/mgar/pkg/php4/trunk/files/php.ini.CSW 2009-05-14 17:11:32 UTC (rev 4846)
@@ -1,63 +1,76 @@
[PHP]
-;;;;;;;;;;;
-; WARNING ;
-;;;;;;;;;;;
-; This is the default settings file for new PHP installations.
-; By default, PHP installs itself with a configuration suitable for
-; development purposes, and *NOT* for production purposes.
-; For several security-oriented considerations that should be taken
-; before going online with your site, please consult php.ini-recommended
-; and http://php.net/manual/en/security.php.
-
-
;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
-; This file controls many aspects of PHP's behavior. In order for PHP to
-; read it, it must be named 'php.ini'. PHP looks for it in the current
-; working directory, in the path designated by the environment variable
-; PHPRC, and in the path that was defined in compile time (in that order).
-; Under Windows, the compile-time path is the Windows directory. The
-; path in which the php.ini file is looked for can be overridden using
-; the -c argument in command line mode.
;
-; The syntax of the file is extremely simple. Whitespace and Lines
-; beginning with a semicolon are silently ignored (as you probably guessed).
-; Section headers (e.g. [Foo]) are also silently ignored, even though
-; they might mean something in the future.
+; This is the recommended, PHP 4-style version of the php.ini-dist file. It
+; sets some non standard settings, that make PHP more efficient, more secure,
+; and encourage cleaner coding.
+; The price is that with these settings, PHP may be incompatible with some
+; applications, and sometimes, more difficult to develop with. Using this
+; file is warmly recommended for production sites. As all of the changes from
+; the standard settings are thoroughly documented, you can go over each one,
+; and decide whether you want to use it or not.
;
-; Directives are specified using the following syntax:
-; directive = value
-; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
+; For general information about the php.ini file, please consult the php.ini-dist
+; file, included in your PHP distribution.
;
-; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
-; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
-; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
+; This file is different from the php.ini-dist file in the fact that it features
+; different values for several directives, in order to improve performance, while
+; possibly breaking compatibility with the standard out-of-the-box behavior of
+; PHP 3. Please make sure you read what's different, and modify your scripts
+; accordingly, if you decide to use this file instead.
;
-; Expressions in the INI file are limited to bitwise operators and parentheses:
-; | bitwise OR
-; & bitwise AND
-; ~ bitwise NOT
-; ! boolean NOT
-;
-; Boolean flags can be turned on using the values 1, On, True or Yes.
-; They can be turned off using the values 0, Off, False or No.
-;
-; An empty string can be denoted by simply not writing anything after the equal
-; sign, or by using the None keyword:
-;
-; foo = ; sets foo to an empty string
-; foo = none ; sets foo to an empty string
-; foo = "none" ; sets foo to the string 'none'
-;
-; If you use constants in your value, and these constants belong to a
-; dynamically loaded extension (either a PHP extension or a Zend extension),
-; you may only use these constants *after* the line that loads the extension.
-;
-; All the values in the php.ini-dist file correspond to the builtin
-; defaults (that is, if no php.ini is used, or if you delete these lines,
-; the builtin defaults will be identical).
+; - register_globals = Off [Security, Performance]
+; Global variables are no longer registered for input data (POST, GET, cookies,
+; environment and other server variables). Instead of using $foo, you must use
+; you can use $_REQUEST["foo"] (includes any variable that arrives through the
+; request, namely, POST, GET and cookie variables), or use one of the specific
+; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending
+; on where the input originates. Also, you can look at the
+; import_request_variables() function.
+; Note that register_globals is going to be depracated (i.e., turned off by
+; default) in the next version of PHP, because it often leads to security bugs.
+; Read http://php.net/manual/en/security.registerglobals.php for further
+; information.
+; - display_errors = Off [Security]
+; With this directive set to off, errors that occur during the execution of
+; scripts will no longer be displayed as a part of the script output, and thus,
+; will no longer be exposed to remote users. With some errors, the error message
+; content may expose information about your script, web server, or database
+; server that may be exploitable for hacking. Production sites should have this
+; directive set to off.
+; - log_errors = On [Security]
+; This directive complements the above one. Any errors that occur during the
+; execution of your script will be logged (typically, to your server's error log,
+; but can be configured in several ways). Along with setting display_errors to off,
+; this setup gives you the ability to fully understand what may have gone wrong,
+; without exposing any sensitive information to remote users.
+; - output_buffering = 4096 [Performance]
+; Set a 4KB output buffer. Enabling output buffering typically results in less
+; writes, and sometimes less packets sent on the wire, which can often lead to
+; better performance. The gain this directive actually yields greatly depends
+; on which Web server you're working with, and what kind of scripts you're using.
+; - register_argc_argv = Off [Performance]
+; Disables registration of the somewhat redundant $argv and $argc global
+; variables.
+; - magic_quotes_gpc = Off [Performance]
+; Input data is no longer escaped with slashes so that it can be sent into
+; SQL databases without further manipulation. Instead, you should use the
+; function addslashes() on each input element you wish to send to a database.
+; - variables_order = "GPCS" [Performance]
+; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access
+; environment variables, you can use getenv() instead.
+; - error_reporting = E_ALL [Code Cleanliness, Security(?)]
+; By default, PHP surpresses errors of type E_NOTICE. These error messages
+; are emitted for non-critical errors, but that could be a symptom of a bigger
+; problem. Most notably, this will cause error messages about the use
+; of uninitialized variables to be displayed.
+; - allow_call_time_pass_reference = Off [Code cleanliness]
+; It's not possible to decide to force a variable to be passed by reference
+; when calling a function. The PHP 4 style to do this is by making the
+; function require the relevant argument by reference.
;;;;;;;;;;;;;;;;;;;;
@@ -79,7 +92,7 @@
asp_tags = Off
; The number of significant digits displayed in floating point numbers.
-precision = 12
+precision = 14
; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
y2k_compliance = On
@@ -91,7 +104,7 @@
; setting this directive to On. If you wish to limit the size of the buffer
; to a certain size - you can use a maximum number of bytes instead of 'On', as
; a value for this directive (e.g., output_buffering=4096).
-output_buffering = Off
+output_buffering = 4096
; You can redirect all of the output of your scripts to a function. For
; example, if you set output_handler to "mb_output_handler", character
@@ -109,11 +122,11 @@
; Valid values for this option are 'off', 'on', or a specific buffer size
; to be used for compression (default is 4KB)
; Note: Resulting chunk size may vary due to nature of compression. PHP
-; outputs chunks that are few hundreds bytes each as a result of
-; compression. If you prefer a larger chunk size for better
-; performance, enable output_buffering in addition.
-; Note: You need to use zlib.output_handler instead of the standard
-; output_handler, or otherwise the output will be corrupted.
+; outputs chunks that are few handreds bytes each as a result of compression.
+; If you want larger chunk size for better performence, enable output_buffering
+; also.
+; Note: output_handler must be empty if this is set 'On' !!!!
+; Instead you must use zlib.output_handler.
zlib.output_compression = Off
; You cannot specify additional output handlers if zlib.output_compression
@@ -151,8 +164,9 @@
; with future versions of the language (you will receive a warning each time
; you use this feature, and the argument will be passed by value instead of by
; reference).
-allow_call_time_pass_reference = On
+allow_call_time_pass_reference = Off
+;
; Safe Mode
;
safe_mode = Off
@@ -232,6 +246,7 @@
;max_input_nesting_level = 500 ; Maximum input variable nesting level
memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
+
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -266,16 +281,16 @@
;
;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
;
-; - Show all errors except for notices
+; - Show all errors
;
-error_reporting = E_ALL & ~E_NOTICE
+error_reporting = E_ALL
; Print out errors (as a part of the output). For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below). Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
-display_errors = On
+display_errors = Off
; Even when display_errors is on, errors that occur during PHP's startup
; sequence are not displayed. It's strongly recommended to keep
@@ -285,7 +300,7 @@
; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
-log_errors = Off
+log_errors = On
; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all.
@@ -310,7 +325,7 @@
; Disable the inclusion of HTML tags in error messages.
;html_errors = Off
-
+
; If html_errors is set On PHP produces clickable error messages that direct
; to a page describing the error or function causing the error in detail.
; You can download a copy of the PHP manual from http://www.php.net/docs.php
@@ -352,7 +367,7 @@
; Environment and Built-in variables (G, P, C, E & S respectively, often
; referred to as EGPCS or GPC). Registration is done from left to right, newer
; values override older values.
-variables_order = "EGPCS"
+variables_order = "GPCS"
; Whether or not to register the EGPCS variables as global variables. You may
; want to turn this off if you don't want to clutter your scripts' global scope
@@ -368,7 +383,7 @@
; This directive tells PHP whether to declare the argv&argc variables (that
; would contain the GET information). If you don't use these variables, you
; should turn it off for increased performance.
-register_argc_argv = On
+register_argc_argv = Off
; Maximum size of POST data that PHP will accept.
post_max_size = 8M
@@ -380,7 +395,7 @@
;
; Magic quotes for incoming GET/POST/Cookie data.
-magic_quotes_gpc = On
+magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
@@ -400,7 +415,7 @@
default_mimetype = "text/html"
;default_charset = "iso-8859-1"
-; Always populate the $HTTP_RAW_POST_DATA variable.
+; Always populate the $HTTP_RAW_POST_DATA variable.
;always_populate_raw_post_data = On
@@ -421,12 +436,12 @@
; cgi.force_redirect configuration below
doc_root =
-; The directory under which PHP opens the script using /~username used only
+; The directory under which PHP opens the script using /~usernamem used only
; if nonempty.
user_dir =
; Directory in which the loadable extensions (modules) reside.
-extension_dir = PHPEXTDIR
+extension_dir = "PHPEXTDIR"
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
@@ -455,7 +470,7 @@
; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is zero. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; cgi.fix_pathinfo=0
+; cgi.fix_pathinfo=1
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
@@ -473,8 +488,8 @@
; RFC2616 compliant header.
; Default is zero.
;cgi.rfc2616_headers = 0
-
+
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
@@ -500,8 +515,8 @@
; Define the anonymous ftp password (your email address)
;from="john at doe.com"
-; Define the User-Agent string
-; user_agent="PHP"
+; Define the user agent for php to send
+;user_agent="PHP"
; Default timeout for socket based streams (seconds)
default_socket_timeout = 60
@@ -535,56 +550,29 @@
; needs to go here. Specify the location of the extension with the
; extension_dir directive above.
+; CSW Extensions
+;extension=bcmath.so
+;extension=bz2.so
+;extension=calendar.so
+;extension=curl.so
+;extension=dba.so
+;extension=domxml.so
+;extension=gd.so
+;extension=gettext.so
+;extension=gmp.so
+;extension=iconv.so
+;extension=imap.so
+;extension=ldap.so
+;extension=mbstring.so
+;extension=mcal.so
+;extension=mssql.so
+;extension=mysql.so
+;extension=ncurses.so
+;extension=odbc.so
+;extension=openssl.so
+;extension=pgsql.so
+;extension=zlib.so
-;Windows Extensions
-;Note that MySQL and ODBC support is now built in, so no dll is needed for it.
-;
-;extension=php_mbstring.dll
-;extension=php_bz2.dll
-;extension=php_cpdf.dll
-;extension=php_crack.dll
-;extension=php_curl.dll
-;extension=php_db.dll
-;extension=php_dba.dll
-;extension=php_dbase.dll
-;extension=php_dbx.dll
-;extension=php_domxml.dll
-;extension=php_exif.dll
-;extension=php_fdf.dll
-;extension=php_filepro.dll
-;extension=php_gd2.dll
-;extension=php_gettext.dll
-;extension=php_hyperwave.dll
-;extension=php_iconv.dll
-;extension=php_ifx.dll
-;extension=php_iisfunc.dll
-;extension=php_imap.dll
-;extension=php_interbase.dll
-;extension=php_java.dll
-;extension=php_ldap.dll
-;extension=php_mcrypt.dll
-;extension=php_mhash.dll
-;extension=php_mime_magic.dll
-;extension=php_ming.dll
-;extension=php_mssql.dll
-;extension=php_msql.dll
-;extension=php_oci8.dll
-;extension=php_openssl.dll
-;extension=php_oracle.dll
-;extension=php_pdf.dll
-;extension=php_pgsql.dll
-;extension=php_printer.dll
-;extension=php_shmop.dll
-;extension=php_snmp.dll
-;extension=php_sockets.dll
-;extension=php_sybase_ct.dll
-;extension=php_w32api.dll
-;extension=php_xmlrpc.dll
-;extension=php_xslt.dll
-;extension=php_yaz.dll
-;extension=php_zip.dll
-
-
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
@@ -695,8 +683,9 @@
; Allow or prevent persistent links.
pgsql.allow_persistent = On
-; Detect broken persistent links always with pg_pconnect(). Need a little overhead.
-pgsql.auto_reset_persistent = Off
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+pgsql.auto_reset_persistent = Off
; Maximum number of persistent links. -1 means no limit.
pgsql.max_persistent = -1
@@ -705,6 +694,7 @@
pgsql.max_links = -1
; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
pgsql.ignore_notice = 0
; Log PostgreSQL backends Noitce message or not.
@@ -760,7 +750,7 @@
; "uppercase"
; the recommended default is either upper- or lowercase, but
; unchanged is currently set for backwards compatibility
-dbx.colnames_case = "unchanged"
+dbx.colnames_case = "lowercase"
[bcmath]
; Number of decimal digits for all bcmath functions.
@@ -813,23 +803,12 @@
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
-; As of PHP 4.0.1, you can define the path as:
-; session.save_path = "N;/path"
-; where N is an integer. Instead of storing all the session files in
-; /path, what this will do is use subdirectories N-levels deep, and
-; store the session data in those directories. This is useful if you
-; or your OS have problems with lots of files in one directory, and is
-; a more efficient layout for servers that handle lots of sessions.
-; NOTE 1: PHP will not create this directory structure automatically.
-; You can use the script in the ext/session dir for that purpose.
-; NOTE 2: See the section on garbage collection below if you choose to
-; use subdirectories for session storage
;session.save_path = /tmp
; Whether to use cookies.
session.use_cookies = 1
-; This option enables administrators to make their users invulnerable to
+; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1
@@ -858,27 +837,19 @@
; on each request.
session.gc_probability = 1
-session.gc_divisor = 100
+session.gc_divisor = 1000
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
-; NOTE: If you are using the subdirectory option for storing session files
-; (see session.save_path above), then garbage collection does *not*
-; happen automatically. You will need to do your own garbage
-; collection through a shell script, cron entry, or some other method.
-; For example, the following script would is the equivalent of
-; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-; cd /path/to/sessions; find -cmin +24 | xargs rm
-
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.
-session.bug_compat_42 = 1
+session.bug_compat_42 = 0
session.bug_compat_warn = 1
; Check HTTP Referer to invalidate externally stored URLs containing ids.
@@ -896,7 +867,7 @@
;session.entropy_file = /dev/urandom
-; Set to {nocache,private,public,} to determine HTTP caching aspects
+; Set to {nocache,private,public,} to determine HTTP caching aspects.
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache
@@ -904,12 +875,12 @@
session.cache_expire = 180
; trans sid support is disabled by default.
-; Use of trans sid may risk your users security.
+; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
-; in publically accessible computer.
+; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0
@@ -919,7 +890,7 @@
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
-url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
; Allow or prevent persistent links.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
More information about the devel
mailing list