The primary mechanism for configuring PHP is the php.inifile.
As the master file, this provides you with control over all configuration settings.
Entries generally take the format:
setting= value
Be sure to read the comments provided in the file before making changes, though.
There are a few tricks, such as include_pathusing a colon (:) as a seperator on
Unix, and a semicolon (;) on Windows.
Most Web hosts will not provide you access to your php.inifile unless you have
root access to the system (which is typically not the case if you’re using a cheap
virtual hosting service). Your next alternative is to use .htaccessfiles to configure
PHP assuming the Web server is Apache.
An .htaccessfile is a plain text file that you place in a public Web directory to
determine the behavior of Apache when it comes to serving pages from that directory; for instance, you might identify which pages you’ll allow public access to.
Note that the effect of an .htaccessfile is recursive—it applies to subdirectories
as well.
To configure PHP with .htaccessfiles, your hosting provider must have the
Apache setting AllowOverride Optionsor AllowOverride Allapplied to your
Web directory in Apache’s main httpd.confconfiguration file. Assuming that
is done, there are two Apache directives you can use to modify PHP’s configuration:
php_flag
used for settings that have boolean values (i.e. on/offor 1/0) such as
register_globals
php_value
used to specify a string value for settings, such as you might have with the
include_pathsetting
Here’s an example .htaccessfile:
# Switch off register globals
php_flag register_globals off
# Set the include path
php_value include_path ".;/home/username/pear"
The final mechanism controlling PHP’s configuration is the group of functions
ini_setand ini_alter, which let you modify configuration settings, as well as
ini_get, which allows you to check configuration settings, and ini_restore,
which resets PHP’s configuration to the default value as defined by php.iniand
any .htaccessfiles. Using ini_set, here’s an example which allows us to avoid
having to define our host, user name and password when connecting to MySQL:
ini_set('mysql.default_host', 'localhost');
ini_set('mysql.default_user', 'harryf');
ini_set('mysql.default_password', 'secret');
if (!mysql_connect()) {
echo mysql_error();
} else {
echo 'Success';
}
Be aware that PHP provides for some settings, such as error_reporting, alternative functions that perform effectively the same job as ini_set.
As the master file, this provides you with control over all configuration settings.
Entries generally take the format:
setting= value
Be sure to read the comments provided in the file before making changes, though.
There are a few tricks, such as include_pathusing a colon (:) as a seperator on
Unix, and a semicolon (;) on Windows.
Most Web hosts will not provide you access to your php.inifile unless you have
root access to the system (which is typically not the case if you’re using a cheap
virtual hosting service). Your next alternative is to use .htaccessfiles to configure
PHP assuming the Web server is Apache.
An .htaccessfile is a plain text file that you place in a public Web directory to
determine the behavior of Apache when it comes to serving pages from that directory; for instance, you might identify which pages you’ll allow public access to.
Note that the effect of an .htaccessfile is recursive—it applies to subdirectories
as well.
To configure PHP with .htaccessfiles, your hosting provider must have the
Apache setting AllowOverride Optionsor AllowOverride Allapplied to your
Web directory in Apache’s main httpd.confconfiguration file. Assuming that
is done, there are two Apache directives you can use to modify PHP’s configuration:
php_flag
used for settings that have boolean values (i.e. on/offor 1/0) such as
register_globals
php_value
used to specify a string value for settings, such as you might have with the
include_pathsetting
Here’s an example .htaccessfile:
# Switch off register globals
php_flag register_globals off
# Set the include path
php_value include_path ".;/home/username/pear"
The final mechanism controlling PHP’s configuration is the group of functions
ini_setand ini_alter, which let you modify configuration settings, as well as
ini_get, which allows you to check configuration settings, and ini_restore,
which resets PHP’s configuration to the default value as defined by php.iniand
any .htaccessfiles. Using ini_set, here’s an example which allows us to avoid
having to define our host, user name and password when connecting to MySQL:
ini_set('mysql.default_host', 'localhost');
ini_set('mysql.default_user', 'harryf');
ini_set('mysql.default_password', 'secret');
if (!mysql_connect()) {
echo mysql_error();
} else {
echo 'Success';
}
Be aware that PHP provides for some settings, such as error_reporting, alternative functions that perform effectively the same job as ini_set.
0 Response to "[Tech New] configuring PHP-impact security "
Post a Comment