[php-maint] Bug#459814: Update to the php.ini-paranoid file under the examples directory
Javier Fernández-Sanguino Peña
jfs at computer.org
Tue Jan 8 21:15:34 UTC 2008
Package: php5
Version: 5.2.4-2
Priority: wishlist
Tags: patch
Attached is an update of the php.ini-paranoid example file I provided a long
time ago (October 2004) updated to the latest contents of the php.ini-dist
file:
- includes some variables which were not present in the first version and
removes modules not available in PHP5. Also fixes typos in comments which
have since been fixed in php.ini-dist
- adds notes (Debian-specific) of which security features applications should
not rely on
- add more information of why some variables were enabled
- reorder the description of changes to suit the location in the config file
- add notes of deprecated features in PHP6
- add more (suggested) changes to the session module to make a more secure
use and storage of session IDs.
- remove the 'include' function from the list of disabled functions as it
is quite common for most applications
- modify the valid 'include_path' to make it really paranoid ('.' is not
allowed anymore)
- adjust locations of directories, including the upload dir and session dir
- proper definition for sql.safe_mode and description (missing in
php.ini-dist of what it is really for)
- added session configuration variables which are not available in
php.ini-dist together with recommended paranoid values
(session.referer_check, session.entropy_file, session.entropy_length)
- added more information to session configuration (not available in php.ini)
based on the information at php.net
Please apply the attached patch to the php.ini-paranoid present in the
package.
Thanks
Javier
This new version
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php.ini-paranoid.diff
Type: text/x-diff
Size: 48199 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20080108/c430a2ed/attachment-0001.diff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20080108/c430a2ed/attachment-0001.pgp
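
Added example (not part of the original message or of the attached patch): a small Python check that reads php.ini text and reports which of the directives named in the report are still at a weak setting. The sample files, the helper names and the pass criteria (no '.' entry in include_path with a Unix ':' separator, an entropy file with a non-zero length, a non-empty referer check) are assumptions; the values the patch actually sets are not shown on this page.

```python
# Added example: constructed inputs and hypothetical helper names.
WEAK_INI = """\
; constructed sample, not the contents of the attached patch
[PHP]
include_path = ".:/usr/share/php"
[Session]
session.entropy_file =
session.entropy_length = 0
session.referer_check =
"""
HARDENED_INI = """\
; constructed sample; the values are illustrative assumptions
include_path = "/usr/share/php"
session.entropy_file = /dev/urandom
session.entropy_length = 16
session.referer_check = "www.example.org"
"""

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":   # skip comments and section headers
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if value[:1] in ('"', "'"):
            value = value[1:].split(value[0], 1)[0]   # quoted: text up to the closing quote
        else:
            value = value.split(";", 1)[0].strip()    # unquoted: drop a trailing ; comment
        settings[key.strip()] = value
    return settings

def audit(text):
    """Return the names of the directives that fail the checks, in a fixed order."""
    s = parse_ini(text)
    failed = []
    # An unset include_path falls back to PHP's built-in default, which starts with '.'.
    if any(p.rstrip("/") == "." for p in s.get("include_path", ".").split(":")):
        failed.append("include_path")
    length = s.get("session.entropy_length", "0")
    if not s.get("session.entropy_file") or not length.isdigit() or int(length) == 0:
        failed.append("session.entropy_file")
    if not s.get("session.referer_check"):
        failed.append("session.referer_check")
    return failed
```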