Changes between Version 38 and Version 39 of DebianLamp
Timestamp: Oct 27, 2009, 5:04:16 PM
DebianLamp
v38 v39 216 216 * '''register_globals''': this must be '''off'''. Application which rely on this setting to be on are very old or totally insecure, most of them both. 217 217 * '''post_max_size''', '''upload_max_filesize''': are better kept in sync (effective upload limit is the minimum of these two values), any value will do. It's okay to have 100M here. 218 * '''upload_tmp_dir''': should be in the partition where data will end, sane default is often {{{/var/tmp}}} ( and NOT{{{/tmp}}})218 * '''upload_tmp_dir''': should be in the partition where data will end, sane default is often {{{/var/tmp}}} (instead of {{{/tmp}}}) 219 219 * '''allow_url_fopen''' should be '''off''' (if turned on, a simple directory traversal attack turns into a remote exploit). This can be mitigated by being activated and setting {{{allow_url_include = off}}}, nonetheless CURL is a far better match if the application needs to be a FTP/HTTP client (safer, proper error handling, good documentation). 220 220 * '''session.gc_maxlifetime''': the default session expiration, often left as is by many applications. You'll want to have something like 30 days (2592000 seconds) if you know your application is quite sane with session handling (eg. file-based session storage with +1000 new sessions/day is quite a limit). With Debian, you especially need to know what {{{/etc/cron.d/php5}}} is for. … … 223 223 224 224 * If your application prefers '''mysqli''' over '''mysql''', go for it. Your best hope is that it will use parameter bindings (safer) and prepared statements (faster). 225 * If your application only transforms image or modify them in a trival way (say adding some watermark), don't use '''gd''', use '''!ImageMagick''' as an external program (NOT the module). 
'''gd''' is bad at image transformation , and it is not safe nor efficient to have the image data in PHP memory space.225 * If your application only transforms image or modify them in a trival way (say adding some watermark), don't use '''gd''', use '''!ImageMagick''' as an external program (NOT the module). '''gd''' is bad at image transformation (poor algorithms, memory hungry/no streaming process), and it is not safe nor efficient to have the image data in PHP memory space. 226 226 227 227 === Module or FastCGI ? ===
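Review bot: the rewording of the upload_tmp_dir line (from "and NOT /tmp" to "instead of /tmp") softens the emphasis without ever stating the reason, so the reader still does not learn why the same partition matters: a move_uploaded_file() across filesystems has to copy the file and unlink the original rather than rename it, and /tmp is frequently a separate, small filesystem (often tmpfs) with its own cleanup policy. Suggest appending something like "(so that move_uploaded_file() is a rename, not a copy)". In the same hunk the allow_url_fopen line is ambiguous ("This can be mitigated by being activated and setting allow_url_include = off"): allow_url_include = off only blocks include/require of a URL; it does not stop fopen()/file_get_contents() from being pointed at a URL by user-supplied input, so the sentence should say that allow_url_include = off is the minimum if allow_url_fopen is left on, not a full mitigation.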
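Review bot: the justification added to the gd line ("poor algorithms, memory hungry/no streaming process") supports the efficiency half of the claim but not the safety half, and the safety half is conditional: invoking ImageMagick as an external program is only safer than the in-process module when every user-influenced argument goes through escapeshellarg() and the accepted input formats are constrained; otherwise the command line becomes the new injection point. Suggest adding that caveat, and while the line is open, fix "trival" (trivial) and "transforms image or modify them" (transforms images or modifies them). The mysqli line also splits one feature in two: prepared statements are the mechanism, bound parameters are what they provide, so "parameter bindings (safer) and prepared statements (faster)" would read better as "prepared statements with bound parameters (safer, and faster when re-executed)".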