The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ideal PHP settings for Cpanel/WHM

Discussion in 'General Discussion' started by nitaish, Apr 30, 2008.

  1. nitaish

    nitaish Well-Known Member
    PartnerNOC

    Joined:
    Jan 6, 2006
    Messages:
    123
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Mulund, India, India
    Hello All,

    Can anybody tell me what are the ideal settings of PHP for cpanel/WHM. Many of the customers ask for certain settings to be done in PHP so that their applications work fine. I want to know which modules/variables should be enabled and which should be disabled so that there is no problem with the server security and also maximum applications work fine. I also have Fantastico enabled.
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The PHP Hardening Guide in the EA3 documentation is a good starting point: http://www.cpanel.net/support/docs/ea/ea3/ea3php_hardening_php.html

    We have several server security presentations at this year's cPanel Conference if you wish to learn more about the topic as a whole: http://conference.cPanel.net

    I'm sure this thread will spark some discussion.

    I believe there are 3 things that most would agree should be done for a good PHP setup on a new server: run PHP 5 as SuPHP and turn off register_globals in php.ini. Any scripts that require register_globals or require PHP 4 are likely poorly maintained and likely to have many known vulnerabilities.

    SuPHP will substantially reduce the likelihood of a single exploited account bringing down the entire server. Additionally, with SuPHP, all scripts run as the user so you no longer have to worry about ownership issues and abusive scripts can be tracked to the account running them.

    However, as the documentation states, PHP security is a balancing act between functionality and security and it is best to understand the options you are enabling/disabling when creating your own PHP security procedures.
     
  3. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    how to turn register_globals on for one account

    Then how do you suggest, we turn register_globals on for one account...if its server wide disabled
     
  4. bitstream

    bitstream Member

    Joined:
    May 18, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Las Vegas, NV
    You can override the register_globals settings for a single account if necessary by using .htaccess rules or putting a php.ini file in the user's public_html directory (or whatever directory you want those settings changed for).
     
Loading...

Share This Page