Devops for Growth

Optimal php.ini configurations and settings for maximum security protection from external threats:

Name

Default

Optimal Value

Description

disable_functions

This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in the php.ini file: For example, you cannot set this in httpd.conf.

disable_classes

This directive allows you to disable certain classes for security reasons. It takes on a comma-delimited list of class names. The disable_classes  directive is not affected by Safe Mode. This directive must be set in php.ini: For example, you cannot set this in httpd.conf.

magic_qotes_gpc

0

0

Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quotes), " (double quotes), \ (backslash) and NULLs are escaped with a backslash, automatically.

allow_url_include

0

0

This option allows the use of URL-aware fopen wrappers with the following functions: include(), include_once(), require(), require_once().

Note: This setting requires that  allow_url_fopen be set to On.

expose_php

1

0

Decides whether PHP may expose the fact that it is installed on the server (e.g., by adding its signature to the Web server header). It is no security threat in any way, but it makes it possible to determine whether you use PHP on your server or not.

display_errors

1

0

This determines whether errors should be printed to the screen as part of the output or if they should be hidden from the user.

Value "stderr" sends the errors to stderr instead of stdout.

Note: This is a feature to support your development and should never be used on production systems (e.g., systems connected to the Internet).

Note: Although display_errors may be set at runtime (with ini_set()), it won't have any affect if the script has fatal errors. This is because the desired runtime action does not get executed.

register_globals

0

0

Whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables.

Relying on this feature is highly discouraged. Please read the security chapter in the PHP manual on Using register_globals for related information.

Note: register_globals is affected by the variables_order directive.

Tip:

CodingTeam is a free (as in freedom) forge written in PHP with a lot of collaborative work and communication tools. This is afree software released under the GNU Affero General Public License version 3.

CodingTeam is a compilation of modules. Each modules brings a few views. It's very easy to create your own module or to extend an already existing module by the creation of a new view. You could also install a third-party module easily.

CodingTeam will evolve with your needs. You would easily extend CodingTeam, thanks to its modular organization and its many qualities. Just look at it, you will understand as easy it is!

You can configure everything. If you want to disable a module, you can. If you want to disable only one view of a module, you can do that too. You can even edit project's categories. Two CodingTeam installations are different on many ways.

Une présentation d'un environnement de développement industrialisé en PHP. Un peu ancien (2008), mais les outils sont toujours d'actualité.