php5.3站点间安全及.user.ini功能
php.ini 配置如果你使用的是Nginx+php,且在一台服务器上使用多个网站,可能对服务器PHP进程间的安全感到担心,也会觉得Nginx+php不适合多站点的部署:没有Apache php_admin_value对open_basedir的限制,也没有.htaccess对php.ini的自定义。PHP5.3及时地对这方面进行弥补,可能很多系统管理员和PHP程序员不知道,php5.3内置了对nginx这类软件类apache的支持:
使用和对php.ini进行自定义open_basedir ="/data/www/pic.a.com:/tmp:/tmpnfs:/data/www/yii:/data/www/lib"
open_basedir ="/data/www/bbs.a.com:/tmp:/tmpnfs:/data/www/yii:/data/www/lib"
Notice:这些设置仅仅在CGI/FastCGI中生效,并且不能设置extension和zend_extension指令。如果要exetnsion生效,也有人提出了解决方案:
http://www.php.net/manual/zh/ini.sections.phpFor example hosts.ini:display_errors = on
this will change the section back to where extension= and zend_extension= is allowed.
用phpshell进行测试$ cd /data/www/bbs.a.comchdir(): open_basedir restriction ineffect. File(/data/www/bbs.a.com) is not within the allowed path(s):(/data/www/pic.a.com:/tmp:/tmpnfs:/data/www/yii:/data/www/lib)cd: could not change to: /data/www/bbs.a.com
http://www.php.net/manual/en/configuration.file.per-user.php
类似apache的/htaccess的功能也被支持了,那就是.user.ini 文件
.user.ini files
Since PHP 5.3.0, PHP includes support for .htaccess-styleINI files on a per-directory basis. These files are processed only by theCGI/FastCGI SAPI. This functionality obsoletes the PECL htscanner extension. Ifyou are using Apache, use .htaccess files for the same effect.
In addition to the main php.ini file, PHPscans for INI files in each directory, starting with the directory of therequested PHP file, and working its way up to the current document root (as setin $_SERVER['DOCUMENT_ROOT']). In case the PHP file is outside the documentroot, only its directory is scanned.
Only INI settings with the modesPHP_INI_PERDIR and PHP_INI_USER will be recognized in .user.ini-style INIfiles.
Two new INI directives, user_ini.filenameand user_ini.cache_ttl control the use of user INI files.
user_ini.filename sets the name of the filePHP looks for in each directory; if set to an empty string, PHP doesn't scan atall. The default is .user.ini.
user_ini.cache_ttl controls how often userINI files are re-read. The default is 300 seconds (5 minutes).
PHP.ini文件中有下列的配置项;;;;;;;;;;;;;;;;;;;;; php.ini Options;;;;;;;;;;;;;;;;;;;;;; Name for user-defined php.ini (.htaccess)files. Default is ".user.ini"user_ini.filename = ".user.ini"
; To disable this feature set this optionto empty value;user_ini.filename =
; TTL for user-defined php.ini files(time-to-live) in seconds. Default is 300 seconds (5 minutes)user_ini.cache_ttl = 300
.user.ini测试 不起作用其他普通的变量有效
/usr/bin/vim .user.inierror_log = /var/log/php_error2.log
用phpinfo能看到如下: error_log /var/log/php_error2.log /var/log/php_errors2.log
床上运动也可以减肥的,你们都不知道吗? 女,喜甜食,甚胖!该女有一癖好:痛恨蚂蚁,见必杀之。问其故曰:这小东西,那么爱吃甜食,腰还那么细! 床上运动也可以减肥的,你们都不知道吗? 男人有冲动可能是爱你,也可能是不爱,但没有冲动肯定是不爱! 天塌下来你顶着,我垫着! 人生不能像做菜、把所有的料都准备好才下锅!
页:
[1]