NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP as CGI Binary

Tim Gales tgales at tgaconnect.com
Thu Jan 1 15:08:12 EST 2004


you check for where php is reading its ini file from
[e.g. phpinfo -- Configuration File (php.ini) Path ]

If I were doing it, I would make sure I could read and 
write to that directory, do an ls -l and see the 
permissions and ownership of the php.ini 
(and write it down) then rename the php.ini to 
php.ini.old and then put the new php.ini file in the 
directory.

I hesitate to tell you everything will be fine -- 
but if you're certain you could put things back the way 
they were, then I don't see any major problem.

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com


> -----Original Message-----
> From: talk-bounces at lists.nyphp.org 
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel
> Sent: Thursday, January 01, 2004 2:46 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] PHP as CGI Binary
> 
> 
> Tim,
> 
> I thought I'd sift through these 
> (http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the 
> optimal setting and making adjustments for version as needed (I'll be 
> using ver. 4.3.2).
> 
> Q: Can I simply overwrite the php.ini that's in cgi-bin?
> 
> I checked phpinfo() and it was compiled with 
> "--enable-force-cgi-redirect=yes". Thanks for pointing this 
> out. There 
> was a reference to this in 
> http://www.php.net/manual/en/security.cgi-bin.php in the context of 
> Apache config.
> 
> Happy New Year!!
> 
> Jeff
> 
> Tim Gales wrote:
> 
> > Jeff Siegel writes:
> > "The interesting thing, when I try to view the php.ini
> > 
> >>file that is
> >>in cgi-bin, I only see a few settings."
> > 
> > 
> > If the php.ini is sparse, here are some
> > excerpts from a suggested ini (as a 
> > reminder)
> > 
> > ; The root of the PHP pages, used only if nonempty.
> > ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD 
> set doc_root 
> > ; if you are running php as a CGI under any web server (other than 
> > IIS) ; see documentation for security issues.  The 
> alternate is to use 
> > the ; cgi.force_redirect configuration below doc_root =
> > 
> > ; cgi.force_redirect is necessary to provide security 
> running PHP as a 
> > CGI under ; most web servers.  Left undefined, PHP turns this on by 
> > default.  You can
> > ; turn it off here AT YOUR OWN RISK
> > ; **You CAN safely turn this off for IIS, in fact, you MUST.**
> > ; cgi.force_redirect = 1
> > 
> > Maybe it wouldn't hurt to make sure php was compiled with 
> > FORCE_REDIRECT and explicitly set cgi.redirect = 1.
> > 
> > 
> > T. Gales & Associates
> > 'Helping People Connect with Technology'
> > 
> > http://www.tgaconnect.com
> > 
> >  
> > 
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
> > 
> 
> -- 
> Found on the Simpson's Website:
> "Ooooooh, they have the internet on computers now!"
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
> 




More information about the talk mailing list