[nycphp-talk] PHP as CGI Binary
Jeff Siegel
jsiegel1 at optonline.net
Thu Jan 1 14:46:02 EST 2004
Tim,
I thought I'd sift through these
(http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the
optimal setting and making adjustments for version as needed (I'll be
using ver. 4.3.2).
Q: Can I simply overwrite the php.ini that's in cgi-bin?
I checked phpinfo() and it was compiled with
"--enable-force-cgi-redirect=yes". Thanks for pointing this out. There
was a reference to this in
http://www.php.net/manual/en/security.cgi-bin.php in the context of
Apache config.
Happy New Year!!
Jeff
Tim Gales wrote:
> Jeff Siegel writes:
> "The interesting thing, when I try to view the php.ini
>
>>file that is
>>in cgi-bin, I only see a few settings."
>
>
> If the php.ini is sparse, here are some
> excerpts from a suggested ini (as a
> reminder)
>
> ; The root of the PHP pages, used only if nonempty.
> ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
> ; if you are running php as a CGI under any web server (other than IIS)
> ; see documentation for security issues. The alternate is to use the
> ; cgi.force_redirect configuration below
> doc_root =
>
> ; cgi.force_redirect is necessary to provide security running PHP as a CGI
> under
> ; most web servers. Left undefined, PHP turns this on by default. You
> can
> ; turn it off here AT YOUR OWN RISK
> ; **You CAN safely turn this off for IIS, in fact, you MUST.**
> ; cgi.force_redirect = 1
>
> Maybe it wouldn't hurt to make sure php was compiled with
> FORCE_REDIRECT and explicitly set cgi.redirect = 1.
>
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"
More information about the talk
mailing list