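以下 php.ini 设置主要从安全(Security)、性能(Performance)、代码整洁度(Code cleanliness)三个角度考虑。注意:register_globals、register_long_arrays、magic_quotes_gpc、allow_call_time_pass_reference 在 PHP 5.3 中已废弃、PHP 5.4 起已移除,这几项只适用于更早的版本。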
- register_globals = Off [Security, Performance]
- register_long_arrays = Off [Performance]
- display_errors = Off [Security]
- log_errors = On [Security]
- output_buffering = 4096 [Performance]
- register_argc_argv = Off [Performance]
- magic_quotes_gpc = Off [Performance]
- variables_order = "GPCS" [Performance]
- error_reporting = E_ALL [Code Cleanliness, Security(?)]
- allow_call_time_pass_reference = Off [Code cleanliness]
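安全模式必须要开启(仅适用于 PHP 5.3 及更早版本:safe_mode 在 PHP 5.3 中已废弃,PHP 5.4 起已移除;新版本应依靠 open_basedir、disable_functions 以及操作系统层面的权限隔离)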
safe_mode = on
safe_mode_gid = off
启动safe_mode,会对许多PHP函数进行限制,特别是和系统相关的文件打开、命令执行等函数
safe_mode_include_dir = [WEBSITE]
运行文件目录
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
open_basedir = [WEBSITE]
必须要禁用的函数
disable_functions=exec,passthru,popen,proc_open,shell_exec,system,phpinfo, assert
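建议禁用的函数(注意:php.ini 中同一指令重复出现时以最后一条为准,且列表必须写在同一行;实际使用时应把这些函数追加到上面“必须要禁用”的那一条 disable_functions 里,而不是另写一条,否则 exec、system 等将不再被禁用。其中 fopen、file_get_contents 等是常用文件函数,禁用前需先确认应用不依赖它们)
disable_functions=chdir,chroot,dir,getcwd,opendir,readdir,scandir,fopen,unlink,delete,copy,mkdir,rmdir,rename,file,file_get_contents,fputs,fwrite,chgrp,chmod,chown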
expose_php = Off
关闭错误信息提示
display_errors = Off
关闭全局变量
register_globals = Off
不允许调用dl
enable_dl = Off
关闭远程文件
allow_url_fopen = Off
allow_url_include = Off
http only 开启
session.cookie_httponly = 1
https secure 开启(站点必须全程使用 HTTPS,否则会话 Cookie 不会随 HTTP 请求发送)
session.cookie_secure = 1
明确定义 upload_tmp_dir,设置为系统 tmp 目录(显式指定可避免依赖默认值;该目录应位于 Web 根目录之外,使上传的临时文件无法被直接访问)
- register_globals = Off [Security, Performance]
- register_long_arrays = Off [Performance]
- display_errors = Off [Security]
- log_errors = On [Security]
- output_buffering = 4096 [Performance]
- register_argc_argv = Off [Performance]
- magic_quotes_gpc = Off [Performance]
- variables_order = "GPCS" [Performance]
- error_reporting = E_ALL [Code Cleanliness, Security(?)]
- allow_call_time_pass_reference = Off [Code cleanliness]
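安全模式必须要开启(仅适用于 PHP 5.3 及更早版本:safe_mode 在 PHP 5.3 中已废弃,PHP 5.4 起已移除;新版本应依靠 open_basedir、disable_functions 以及操作系统层面的权限隔离)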
safe_mode = on
safe_mode_gid = off
启动safe_mode,会对许多PHP函数进行限制,特别是和系统相关的文件打开、命令执行等函数
safe_mode_include_dir = [WEBSITE]
运行文件目录
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
open_basedir = [WEBSITE]
必须要禁用的函数
disable_functions=exec,passthru,popen,proc_open,shell_exec,system,phpinfo, assert
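建议禁用的函数(注意:php.ini 中同一指令重复出现时以最后一条为准,且列表必须写在同一行;实际使用时应把这些函数追加到上面“必须要禁用”的那一条 disable_functions 里,而不是另写一条,否则 exec、system 等将不再被禁用。其中 fopen、file_get_contents 等是常用文件函数,禁用前需先确认应用不依赖它们)
disable_functions=chdir,chroot,dir,getcwd,opendir,readdir,scandir,fopen,unlink,delete,copy,mkdir,rmdir,rename,file,file_get_contents,fputs,fwrite,chgrp,chmod,chown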
expose_php = Off
关闭错误信息提示
display_errors = Off
关闭全局变量
register_globals = Off
不允许调用dl
enable_dl = Off
关闭远程文件
allow_url_fopen = Off
allow_url_include = Off
http only 开启
session.cookie_httponly = 1
https secure 开启(站点必须全程使用 HTTPS,否则会话 Cookie 不会随 HTTP 请求发送)
session.cookie_secure = 1
明确定义 upload_tmp_dir,设置为系统 tmp 目录(显式指定可避免依赖默认值;该目录应位于 Web 根目录之外,使上传的临时文件无法被直接访问)



