How to configure php.ini to improve the security of a Web server

PHP reads the configuration file (php.ini) when it starts. For the server module versions of PHP, this happens only once, when the Web server starts. For the CGI and CLI versions, it happens on each call.

1. Disabling unneeded PHP functions

The disable_functions option sets which PHP functions are prohibited. Some PHP functions carry a big risk. If these functions are allowed to run, then when a PHP program is vulnerable to attack, the loss will be very serious! The recommended setting for disabling functions is given below:

disable_functions = phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status

2. PHP script execution time

max_execution_time = 30

This option sets the maximum execution time of a PHP program. If you request a PHP script and it fails to complete within max_execution_time, PHP stops executing it and returns a timeout error directly to the client. This option needs no special tuning; leave the default setting of 30 seconds. If your PHP script really does take a long time to run, you can increase this value appropriately.

3. Memory usage of PHP scripts

memory_limit = 8M

This option specifies the maximum amount of memory that PHP script processing can take up. The default value is 8MB. If the server has more than 1GB of memory, you can set this option to 12MB to improve the efficiency of PHP script processing.

4. PHP global variable registration

register_globals = Off

Many articles on the Internet about PHP settings recommend setting this option to On. In fact, this is a very dangerous setting that may lead to serious security problems. If there are no special needs, it is strongly recommended that you keep the default setting!

5. PHP upload file size limit

upload_max_filesize = 2M

This option sets the maximum file size that PHP allows for uploads. The default value is 2MB. This setting can be increased depending on the application's requirements.
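The five settings above can be checked mechanically. The following Python script is an added example, not part of the original article: it parses php.ini text and reports every directive that is weaker than the values recommended here. The function names, the constructed sample configuration, and the rule that an absent directive counts as the default stated in this article are assumptions of the example.

```python
# Baseline: the five settings recommended in this article.
REQUIRED_DISABLED = set("phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,"
                        "escapeshellarg,shell_exec,proc_open,proc_get_status".split(","))
MAX_EXEC_SECONDS = 30
SIZE_LIMITS = {"memory_limit": "8M", "upload_max_filesize": "2M"}

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # simplification: ';' always starts a comment
        if line and not line.startswith("[") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def to_bytes(value):
    """Convert PHP shorthand (8M, 1G, plain bytes) to an int; -1 means unlimited."""
    unit = value[-1:].upper()
    power = "KMG".find(unit) + 1               # 0 when there is no K/M/G suffix
    return int(value[:-1] if power else value) * 1024 ** power

def audit(text):
    """Return findings for php.ini text; an empty list means the baseline is met."""
    cfg, findings = parse_ini(text), []
    disabled = {f.strip() for f in cfg.get("disable_functions", "").split(",")}
    if missing := sorted(REQUIRED_DISABLED - disabled):
        findings.append("disable_functions missing: " + ",".join(missing))
    secs = int(cfg.get("max_execution_time", MAX_EXEC_SECONDS))
    if secs <= 0 or secs > MAX_EXEC_SECONDS:   # 0 disables the time limit
        findings.append(f"max_execution_time={secs} (baseline {MAX_EXEC_SECONDS})")
    if cfg.get("register_globals", "Off").lower() in ("on", "1", "true", "yes"):
        findings.append("register_globals is On")
    for key, limit in SIZE_LIMITS.items():
        size = to_bytes(cfg.get(key, limit))
        if size < 0 or size > to_bytes(limit):  # -1 disables memory_limit
            findings.append(f"{key}={cfg[key]} (baseline {limit})")
    return findings

SAMPLE_INI = """; constructed sample, not taken from a real server
[PHP]
disable_functions = phpinfo,exec,system,shell_exec
max_execution_time = 0
memory_limit = 128M
register_globals = On
upload_max_filesize = 2M
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INI)) or "baseline met")
```

Values this article allows you to raise (memory_limit to 12MB on servers with more than 1GB of memory, a larger upload_max_filesize when the application needs it) still appear in the output, so treat those findings as items to review.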

Origin www.linuxidc.com/Linux/2020-02/162212.htm