PHP insecure by default
jorton at redhat.com
Tue Jun 29 13:23:31 UTC 2004
On Mon, Jun 28, 2004 at 04:07:30PM -0600, Jason Aeschilman wrote:
> Why is PHP insecure by default on FC1? Is it because it's not for
> production use? It uses a php.ini that is only suited for development, not
> production use. I ended up grabbing the "php.ini-recommended" file from the
> official release of PHP-4.3.6 and made a couple Fedora-related changes to it
> (diff helped out here).
The php.ini in Fedora Core 2 is based on php.ini-recommended rather than
the development defaults. The differences are not really that
significant, and I don't see which changes matter to "security"; can you
explain why you say "insecure by default"?
More information about the users