[pmwiki-users] How to optimize php.ini

Iain D. Brown iain at iainbrown.net
Tue Sep 5 13:43:53 CDT 2006


Tom Lederer wrote:

>> Due to the recent affairs, i wondered if someone of greater
>> knowledge could tip me how to set the options (those i can) in
>> php.ini to use pmwiki at its best.

Pm replied:

> Here's my suggestions:

>     session.auto_start      Off
>     session.use_cookies     On
>     session.use_trans_sid   Off
>     magic_quotes_runtime    Off   [1]
>     magic_quotes_gpc        Off   [2]
>     register_globals        Off   [3]
>     display_errors          On for debugging, Off for production [4]
>     session.cookie_lifetime 0

This, and Pm's very useful information in his message on PmWiki
security vulnerability today, makes me wonder if someone has
created a document on hardening PmWiki.

To ensure one's installation of PmWiki is as secure as possible,
should I be following Pm's suggestions, above? Are there any
implications for the functioning of my PmWiki site if I follow the
above? Are there any other settings I should be securing?

Best wishes,

Iain.
(Wannabe techie.)

-- 
Iain Brown
iain at iainbrown.net





More information about the pmwiki-users mailing list