Am Di, den 29.06.2004 schrieb Jason Aeschilman um 0:51:
< output_buffering = Off
output_buffering = 4096
< allow_call_time_pass_reference = On
allow_call_time_pass_reference = Off
< error_reporting = E_ALL & ~E_NOTICE
error_reporting = E_ALL
< display_errors = On
display_errors = Off
< log_errors = Off
log_errors = On
< variables_order = "EGPCS"
variables_order = "GPCS"
< register_argc_argv = On
register_argc_argv = Off
< magic_quotes_gpc = On
magic_quotes_gpc = Off
< extension_dir = /usr/lib/php4
extension_dir = "./"
< sendmail_path = /usr/sbin/sendmail -t -i
;sendmail_path =
< dbx.colnames_case = "unchanged"
dbx.colnames_case = "lowercase"
< session.save_path = /tmp
;session.save_path = /tmp
< session.gc_divisor = 100
session.gc_divisor = 1000
< session.bug_compat_42 = 1
session.bug_compat_42 = 0
< url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
To make php.ini-recommended work for Fedora, I changed these lines:
extension_dir = /usr/lib/php4 sendmail_path = /usr/sbin/sendmail -t -i
J.A.K.E.
Besides "register_argc_argv" and "magic_quotes_gpc", which settings do you feel make PHP on Fedora insecure? About both named settings you could discuss, I do not take them as that bad default.
You opened a can with your topic/thread and I do not see it really filled.
Alexander