3.3.37. PhpCompilation¶
3.3.37.1. PhpCompilation¶
The PhpCompilation suggests a list of compilation directives when compiling the PHP binary, tailored for the code
PhpCompilation bases its selection on the code and its usage of features. PhpCompilation also recommends disabling unused standard extensions : this helps reducing the footprint of the binary, and prevents unused features to be available for intrusion. PhpCompilation is able to detects over 150 PHP extensions.
;;;;;;;;;;;;;;;;;;;;;;;;;;
; Suggestion for php.ini ;
;;;;;;;;;;;;;;;;;;;;;;;;;;
; The directives below are selected based on the code provided.
; They only cover the related directives that may have an impact on the code
;
; The list may not be exhaustive
; The suggested values are not recommendations, and should be reviewed and adapted
;
[date]
; It is not safe to rely on the system's timezone settings. Make sure the
; directive date.timezone is set in php.ini.
date.timezone = Europe/Amsterdam
[pcre]
; More information about pcre :
;http://php.net/manual/en/pcre.configuration.php
[standard]
; This sets the maximum amount of memory in bytes that a script is allowed to
; allocate. This helps prevent poorly written scripts for eating up all available
; memory on a server. It is recommended to set this as low as possible and avoid
; removing the limit.
memory_limit = 120
; This sets the maximum amount of time, in seconds, that a script is allowed to
; run. The lower the value, the better for the server, but also, the better has
; the script to be written. Avoid really large values that are only useful for
; admin, and set them per directory.
max_execution_time = 90
; Exposes to the world that PHP is installed on the server. For security reasons,
; it is better to keep this hidden.
expose_php = Off
; This determines whether errors should be printed to the screen as part of the
; output or if they should be hidden from the user.
display_errors = Off
; Set the error reporting level. Always set this high, so as to have the errors
; reported, and logged.
error_reporting = E_ALL
; Always log errors for future use
log_errors = On
; Name of the file where script errors should be logged.
error_log = Name of a writable file, suitable for logging.
; More information about standard :
;http://php.net/manual/en/info.configuration.php
; Name of the file where script errors should be logged.
disable_functions = curl_init,ftp_connect,ftp_ssl_connect,ldap_connect,mail,mysqli_connect,mysqli_pconnect,pg_connect,pg_pconnect,socket_create,socket_accept,socket_connect,socket_listen
disable_classes = mysqli
3.3.37.2. Specs¶
Short name |
PhpCompilation |
Rulesets |
Appinfo. |
Type |
Text |
Target |
This report is written in ‘compilePHP.txt’. |
Available in |