vlee

Well-Known Member
Oct 13, 2005
368
25
178
Spokane, Washington
cPanel Access Level
Root Administrator
Should ini_set be enabled or disabled?

I see this remark below

You should consider adding ini_set to the disable_functions in the PHP configuration as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised

Is ini_set being even used in known scripts now days?

I am currently using

CENTOS 6.4 i686 WHM 11.38.0 (build 16)

PHP 5.3.26 suphp Apache suEXEC
 

ES - George

Well-Known Member
PartnerNOC
Jun 12, 2011
179
24
68
UK
cPanel Access Level
DataCenter Provider
Twitter
That message appears to be coming from CSFs security check. We personally do not disable ini_set globally since almost all customers require the use of it. It totally depends on the server environment though, if you're hosting hundreds of shared hosting customers, it would make sense to allow the use of it globally. If you're hosting a few local clients/friends, etc. you might consider enabling the use of it on a case by case basis.
 

vlee

Well-Known Member
Oct 13, 2005
368
25
178
Spokane, Washington
cPanel Access Level
Root Administrator
I was just making sure about this by getting others input on the matter. My key goal is to provide the maximum security as possible without effecting the everyday life on a shared hosting service.

I do not like hackers, spammers and those who have nothing better to do but try to destroy others.

I welcome all comments to combat these threats above.