[nycphp-talk] PHP as CGI Binary
Jeff Siegel
jsiegel1 at optonline.net
Thu Jan 1 15:58:50 EST 2004
Excellent advice. Thanks!
Jeff
Tim Gales wrote:
> you check for where php is reading its ini file from
> [e.g. phpinfo -- Configuration File (php.ini) Path ]
>
> If I were doing it, I would make sure I could read and
> write to that directory, do an ls -l and see the
> permissions and ownership of the php.ini
> (and write it down) then rename the php.ini to
> php.ini.old and then put the new php.ini file in the
> directory.
>
> I hesitate to tell you everything will be fine --
> but if you're certain you could put things back the way
> they were, then I don't see any major problem.
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com
>
>
>
>>-----Original Message-----
>>From: talk-bounces at lists.nyphp.org
>>[mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel
>>Sent: Thursday, January 01, 2004 2:46 PM
>>To: NYPHP Talk
>>Subject: Re: [nycphp-talk] PHP as CGI Binary
>>
>>
>>Tim,
>>
>>I thought I'd sift through these
>>(http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the
>>optimal setting and making adjustments for version as needed (I'll be
>>using ver. 4.3.2).
>>
>>Q: Can I simply overwrite the php.ini that's in cgi-bin?
>>
>>I checked phpinfo() and it was compiled with
>>"--enable-force-cgi-redirect=yes". Thanks for pointing this
>>out. There
>>was a reference to this in
>>http://www.php.net/manual/en/security.cgi-bin.php in the context of
>>Apache config.
>>
>>Happy New Year!!
>>
>>Jeff
>>
>>Tim Gales wrote:
>>
>>
>>>Jeff Siegel writes:
>>>"The interesting thing, when I try to view the php.ini
>>>
>>>
>>>>file that is
>>>>in cgi-bin, I only see a few settings."
>>>
>>>
>>>If the php.ini is sparse, here are some
>>>excerpts from a suggested ini (as a
>>>reminder)
>>>
>>>; The root of the PHP pages, used only if nonempty.
>>>; if PHP was not compiled with FORCE_REDIRECT, you SHOULD
>>
>>set doc_root
>>
>>>; if you are running php as a CGI under any web server (other than
>>>IIS) ; see documentation for security issues. The
>>
>>alternate is to use
>>
>>>the ; cgi.force_redirect configuration below doc_root =
>>>
>>>; cgi.force_redirect is necessary to provide security
>>
>>running PHP as a
>>
>>>CGI under ; most web servers. Left undefined, PHP turns this on by
>>>default. You can
>>>; turn it off here AT YOUR OWN RISK
>>>; **You CAN safely turn this off for IIS, in fact, you MUST.**
>>>; cgi.force_redirect = 1
>>>
>>>Maybe it wouldn't hurt to make sure php was compiled with
>>>FORCE_REDIRECT and explicitly set cgi.redirect = 1.
>>>
>>>
>>>T. Gales & Associates
>>>'Helping People Connect with Technology'
>>>
>>>http://www.tgaconnect.com
>>>
>>>
>>>
>>>_______________________________________________
>>>talk mailing list
>>>talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>
>>--
>>Found on the Simpson's Website:
>>"Ooooooh, they have the internet on computers now!"
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
>>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"
More information about the talk
mailing list