Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

security - How to prevent override the setting using .htaccess or custom php.ini

How to make sure the user cannot override the setting using .htaccess or custom php.ini any tips for configuration i should use

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

To prevent users setting PHP config values in .htaccess files, do not give AllowOverride Options permissions on their virtual hosts.

Alternatively, install PHP as CGI instead of as an Apache module, as the CGI version is unaffected by .htaccess files. However, since PHP 5.3.0, PHP CGI does parse per-directory php.ini files. I am not aware of a method that turns this off.

EDIT: I've just seen this in the latest default php.ini:

; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory.  Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from www.example.com.  Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
; http://php.net/ini.sections

So if you put directives in your main php.ini under per-directory headings they cannot be overridden. However, the downside is that you'll have to do this for every virtual host so it'll be a PITA in environments where there are many or where new ones are frequently added.

EDIT AGAIN:

Further reading has revealed this:

; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =

So just uncomment that last line to disable per-user ini files. :-)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...