Setting php. ini Security

Php is a popular server-side scripting language, for/etc/php. ini: # disable the dangerous function disable_functions = phpinfo, system, mail, exec ## restrict resources ### maximum execution time of each script, unit: seconds max_execution_time = 30 # maximum time for each script to parse request data max_input_time = 60 # maximum memory (8 MB) that can be consumed by each script) memory_limit = 8 M # maximum size of POST data to be received by PHP post_max_size = 8 M # whether to allow uploading file_uploads = Off # maximum file size allowed to be uploaded upload_max_filesize = 2 M # No PHP error messages are exposed to external users display_errors = Off # enable security mode safe_mode = On # Only allow access to the executable file safe_mode_exec_dir = php-required-executables-path # Restrict external access PHP resource safe_mode_allowed_env_vars = PHP _ # Restrict leakage of PHP information expose_php = Off # record all errors log_errors = On # do not register global register_globals = Off for input data # minimize allowed php post size post_max_size 1 K # ensure that PHP redirection is correct cgi. force_redirect = 0 # upload prohibited, unless necessary, file_uploads = Off # enable SQL security mode SQL. safe_mode = On # avoid opening the remote file allow_url_fopen = Off