ini_set questions

[vlee]

Should ini_set be enabled or disabled?

I see this remark below

You should consider adding ini_set to the disable_functions in the PHP configuration as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised

Is ini_set being even used in known scripts now days?

I am currently using

CENTOS 6.4 i686 WHM 11.38.0 (build 16)

PHP 5.3.26 suphp Apache suEXEC

 

[ES - George]

That message appears to be coming from CSFs security check. We personally do not disable ini_set globally since almost all customers require the use of it. It totally depends on the server environment though, if you're hosting hundreds of shared hosting customers, it would make sense to allow the use of it globally. If you're hosting a few local clients/friends, etc. you might consider enabling the use of it on a case by case basis.

 

[cPanelMichael]

Hello

If you are looking for methods to improve the security of suPHP, you can also review this thread:

Methods to Increase Security on suPHP

Thank you.

 

[vlee]

I was just making sure about this by getting others input on the matter. My key goal is to provide the maximum security as possible without effecting the everyday life on a shared hosting service.

I do not like hackers, spammers and those who have nothing better to do but try to destroy others.

I welcome all comments to combat these threats above.

 

[Archmactrix]

My key goal is to provide the maximum security as possible without effecting the everyday life on a shared hosting service.

Then you should proceed carefully if a client is using Drupal 7 as it seems to require that ini_set is enabled.