PHP configuration
A collection of PHP configuration settings that should be considered for running a SiteKit system in production.
General
; display_errors
; Default Value: On
; Development Value: On
; Production Value: Off
display_errors = Off
; error_reporting
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
error_reporting = E_ALL
; log_errors
; Default Value: Off
; Development Value: On
; Production Value: On
log_errors = On
Security
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
; expose_php = On
expose_php = Off
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
; allow_url_fopen = On
allow_url_fopen = Off
; Switch whether to compile assertions at all (to have no overhead at run-time)
; -1: Do not compile at all
; 0: Jump over assertion at run-time
; 1: Execute assertions
; Changing from or to a negative value is only possible in php.ini!
; (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
; Default Value: 1
; Development Value: 1
; Production Value: -1
; http://php.net/zend.assertions
; zend.assertions = 1
zend.assertions = -1
; Assert(expr); active by default.
; http://php.net/assert.active
;assert.active = On
assert.active = Off
Session security
; Whether to use strict session mode.
; Strict session mode does not accept an uninitialized session ID, and
; regenerates the session ID if the browser sends an uninitialized session ID.
; Strict mode protects applications from session fixation via a session adoption
; vulnerability. It is disabled by default for maximum compatibility, but
; enabling it is encouraged.
; https://wiki.php.net/rfc/strict_sessions
; https://www.owasp.org/index.php/Session_fixation
; session.use_strict_mode = 0
session.use_strict_mode = 1
; session.cookie_secure defines whether cookies should only be sent over secure connections
; session.cookie_secure = 0
session.cookie_secure = 1
; Whether or not to add the httpOnly flag to the cookie, which makes it
; inaccessible to browser scripting languages such as JavaScript.
; http://php.net/session.cookie-httponly
; session.cookie_httponly = 0
session.cookie_httponly = 1
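An added example, not part of the original page or of SiteKit: a small Python audit that parses php.ini text and reports every directive from the General, Security and Session security sections above that deviates from the value set here. The sample file, the function names and the simplified parser (plain `key = value` lines, no `;` inside values) are assumptions.

```python
# Added example: audit php.ini text against the production values on this page.
# Expected values from the settings above; booleans are normalized to "1"/"0".
EXPECTED = {
    "display_errors": "0", "log_errors": "1", "expose_php": "0",
    "allow_url_fopen": "0", "zend.assertions": "-1", "assert.active": "0",
    "session.use_strict_mode": "1", "session.cookie_secure": "1",
    "session.cookie_httponly": "1",
}
TRUE_WORDS = {"1", "on", "yes", "true"}
FALSE_WORDS = {"0", "off", "no", "false", "none", ""}

def normalize(value):
    # Map php.ini boolean spellings to "1"/"0"; leave other values untouched.
    v = value.strip().strip('"').lower()
    return "1" if v in TRUE_WORDS else "0" if v in FALSE_WORDS else v

def parse_ini(text):
    # Return {directive: value}; a later assignment overrides an earlier one.
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # assumes no ';' inside values
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = normalize(value)
    return settings

def audit(text):
    # (directive, found, expected) per deviation; found is None when unset.
    found = parse_ini(text)
    return [(k, found.get(k), want) for k, want in EXPECTED.items()
            if found.get(k) != want]

# Constructed sample file, not taken from a real system.
SAMPLE = """[PHP]
display_errors = Off
log_errors = On
expose_php = On
allow_url_fopen = Off ; remote includes disabled
zend.assertions = -1
assert.active = Off
[Session]
session.use_strict_mode = 1
;session.cookie_secure = 1
session.cookie_httponly = true
"""

if __name__ == "__main__":
    for name, got, want in audit(SAMPLE):
        print(f"{name}: found {got!r}, expected {want!r}")
```

A directive that is commented out or missing is reported with `None`, so it is reviewed instead of passing silently.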
Opcache
; Determines if Zend OPCache is enabled
;opcache.enable=1
opcache.enable=1
; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 1000000 are allowed.
;opcache.max_accelerated_files=10000
opcache.max_accelerated_files=100000
; If disabled, all PHPDoc comments are dropped from the code to reduce the
; size of the optimized code.
;opcache.save_comments=1
opcache.save_comments=0
; The OPcache shared memory storage size.
;opcache.memory_consumption=128
; The amount of memory for interned strings in Mbytes.
;opcache.interned_strings_buffer=8