Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Trying To Setup PHP

  • Please log in to reply

wendy k. walker

wendy k. walker


  • Banned
  • PipPipPip
  • 354 posts
Hi Everyone,

I'm busily trying to get PHP setup on my PC using Windows XP Home Edition with SP2 as my operating system and I'm wanting to get it setup as secure as I can.

I'm hoping that someone here might be able to answer the following:

Question: What should "safe_mode_allowed_env_vars = PHP_" be set to?
Question: What functions of PHP should be listed after the "disable_functions =" and "disable_class ="
lines for security reasons?
Question: What [if anything] should I put after "user_dir =" ?
Question: What should I do with the following two lines;
; Define the anonymous ftp password (your email address)
; from="john@doe.com"

I'm not too sure about the last question because I understand what "Define the anonymous ftp password" actually means but I think it might mean to uncomment the 'from=' line and put in a valid email address. Is that correct?

Thanks for any help.


Edited by wendy k. walker, 22 February 2007 - 02:33 PM.

  • 0





  • Member
  • PipPipPip
  • 181 posts
Hi Wendy,

What should "safe_mode_allowed_env_vars = PHP_" be set to?

Unless you are running in safe mode, which you should not be, this is fine the way it is. In safe mode, users can only modify enviroment variables with the prefix PHP_.

What functions of PHP should be listed after the "disable_functions =" and "disable_class ="
lines for security reasons?

Unless you know the names of the functions and classes, I could give you some Linux examples, you can leave these blank for now.

What [if anything] should I put after "user_dir =" ?

"The directory under which PHP opens the script using /~username used only if nonempty." Blank is fine for now.

And you can leave the ftp lines commented out. Ftp settings are best left to the ftp server.

More on PHP and Safe Mode.

Securing the web server, Apache, should be done in Apache.


Edited by -=blaster=-, 23 February 2007 - 02:56 AM.

  • 0

wendy k. walker

wendy k. walker


  • Topic Starter
  • Banned
  • PipPipPip
  • 354 posts
Hi -=blaster=-,

Thanks for your reply. Safe mode was set to --> safe_mode = Off during installation as was --> safe_mode_gid = Off and I've left those as they were.

As for the "disable_functions =" and "disable_class =" seeing as I have no idea what that is in reference I have left them empty rather than take a chance of messing something up.

I'm using the "php.ini-recomended" file for my "php.ini" file and I'm trying to heed any\all warnings or suggestions that I come across as I look through it but a lot of that stuff is confusing to me because I don't understand what it means.

Shoot, :whistling: I'm still trying to develop 'My Geekness' here and I'm struggling to understand the terminology that most of the manuals kind of take for granted that everyone already knows.

I mean like the "disable_functions =" statement, I don't really know what is meant by 'function' but by reading through all of that stuff I'm figuring that that means any action that the program might preform.

Anyway I opted to leave "disable_functions =" , "disable_class =" and "user_dir =" blank until I knew for sure what to put in them.

--> Securing the web server, Apache, should be done in Apache. <-- This is an example of my lack of Geekness.

Every time I try to get to some of the juicy stuff in Apache like say --> C:\Apache\Apache2\manual\bind.html <-- or faq

I get something like this;

--> URI: bind.html.en Content-Language: en Content-type: text/html; charset=ISO-8859-1 URI: bind.html.es Content-Language: es Content-type: text/html; charset=ISO-8859-1 URI: bind.html.fr Content-Language: fr Content-type: text/html; charset=ISO-8859-1 URI: bind.html.ja.euc-jp Content-Language: ja Content-type: text/html; charset=EUC-JP URI: bind.html.ko.euc-kr Content-Language: ko Content-type: text/html; charset=EUC-KR <--

If I open it in wordpad it's easier to read BUTT I still have no idea what its saying. So where should I be looking in Apache to get my security settings set?

Sorry to be such a bother, and thanks for your help Boo.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP