Ideal PHP settings for Cpanel/WHM

[nitaish]

Hello All,

Can anybody tell me what are the ideal settings of PHP for cpanel/WHM. Many of the customers ask for certain settings to be done in PHP so that their applications work fine. I want to know which modules/variables should be enabled and which should be disabled so that there is no problem with the server security and also maximum applications work fine. I also have Fantastico enabled.

[cPanelDavidG]

Hello All,

Can anybody tell me what are the ideal settings of PHP for cpanel/WHM. Many of the customers ask for certain settings to be done in PHP so that their applications work fine. I want to know which modules/variables should be enabled and which should be disabled so that there is no problem with the server security and also maximum applications work fine. I also have Fantastico enabled.

The PHP Hardening Guide in the EA3 documentation is a good starting point: http://www.cpanel.net/support/docs/e...ening_php.html

We have several server security presentations at this year's cPanel Conference if you wish to learn more about the topic as a whole: http://conference.cPanel.net

I'm sure this thread will spark some discussion.

I believe there are 3 things that most would agree should be done for a good PHP setup on a new server: run PHP 5 as SuPHP and turn off register_globals in php.ini. Any scripts that require register_globals or require PHP 4 are likely poorly maintained and likely to have many known vulnerabilities.

SuPHP will substantially reduce the likelihood of a single exploited account bringing down the entire server. Additionally, with SuPHP, all scripts run as the user so you no longer have to worry about ownership issues and abusive scripts can be tracked to the account running them.

However, as the documentation states, PHP security is a balancing act between functionality and security and it is best to understand the options you are enabling/disabling when creating your own PHP security procedures.

[JawadArshad]

Then how do you suggest, we turn register_globals on for one account...if its server wide disabled

[bitstream]

You can override the register_globals settings for a single account if necessary by using .htaccess rules or putting a php.ini file in the user's public_html directory (or whatever directory you want those settings changed for).