7878; compatibility with older or less security conscience applications. We
7979; recommending using the production ini in production and testing environments.
8080
81- ; php.ini-development is very similar to its production variant, except it's
82- ; much more verbose when it comes to errors. We recommending using the
83- ; development version only in development environments as errors shown to
81+ ; php.ini-development is very similar to its production variant, except it is
82+ ; much more verbose when it comes to errors. We recommend using the
83+ ; development version only in development environments, as errors shown to
8484; application users can inadvertently leak otherwise secure information.
8585
86+ ; This is php.ini-production INI file.
87+
8688;;;;;;;;;;;;;;;;;;;
8789; Quick Reference ;
8890;;;;;;;;;;;;;;;;;;;
197199engine = On
198200
199201; This directive determines whether or not PHP will recognize code between
200- ; <? and ?> tags as PHP source which should be processed as such. It's been
201- ; recommended for several years that you not use the short tag "short cut" and
202- ; instead to use the full <?php and ?> tag combination. With the wide spread use
202+ ; <? and ?> tags as PHP source which should be processed as such. For several
203+ ; years we recommended that you not use the short tag shortcut and
204+ ; instead to use the full <?php and ?> tag combination. With the widespread use
203205; of XML and use of these tags by other languages, the server can become easily
204- ; confused and end up parsing the wrong code in the wrong context. But because
205- ; this short cut has been a feature for such a long time, it's currently still
206- ; supported for backwards compatibility, but we recommend you don't use them.
206+ ; confused and end up parsing the wrong code in the wrong context.
207+ ; This shortcut is still supported for backwards compatibility, but we
208+ ; recommend against its use.
209+ ; Default Value: On
207210; Default Value: On
208211; Development Value: Off
209212; Production Value: Off
@@ -432,7 +435,7 @@ memory_limit = 128M
432435; E_NOTICE - run-time notices (these are warnings which often result
433436; from a bug in your code, but it's possible that it was
434437; intentional (e.g., using an uninitialized variable and
435- ; relying on the fact it's automatically initialized to an
438+ ; relying on the fact it is automatically initialized to an
436439; empty string)
437440; E_STRICT - run-time notices, enable to have PHP suggest changes
438441; to your code which will ensure the best interoperability
@@ -465,8 +468,8 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
465468; it could be very dangerous in production environments. Depending on the code
466469; which is triggering the error, sensitive information could potentially leak
467470; out of your application such as database usernames and passwords or worse.
468- ; It's recommended that errors be logged on production servers rather than
469- ; having the errors sent to STDOUT.
471+ ; For production environments, we recommend logging errors rather than
472+ ; sending them to STDOUT.
470473; Possible Values:
471474; Off = Do not display any errors
472475; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
@@ -480,8 +483,8 @@ display_errors = Off
480483; The display of errors which occur during PHP's startup sequence are handled
481484; separately from display_errors. PHP's default behavior is to suppress those
482485; errors from clients. Turning the display of startup errors on can be useful in
483- ; debugging configuration problems. But, it's strongly recommended that you
484- ; leave this setting off on production servers.
486+ ; debugging configuration problems. We strongly recommend you
487+ ; set this to ' off' for production servers.
485488; Default Value: Off
486489; Development Value: On
487490; Production Value: Off
@@ -775,8 +778,8 @@ enable_dl = Off
775778;fastcgi.logging = 0
776779
777780; cgi.rfc2616_headers configuration option tells PHP what type of headers to
778- ; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
779- ; is supported by Apache. When this option is set to 1 PHP will send
781+ ; use when sending HTTP response code. If set to 0, PHP sends Status: header that
782+ ; is supported by Apache. When this option is set to 1, PHP will send
780783; RFC2616 compliant header.
781784; Default is zero.
782785; http://php.net/cgi.rfc2616-headers
@@ -1376,9 +1379,9 @@ session.save_handler = files
13761379;
13771380; where N is an integer. Instead of storing all the session files in
13781381; /path, what this will do is use subdirectories N-levels deep, and
1379- ; store the session data in those directories. This is useful if you
1380- ; or your OS have problems with lots of files in one directory, and is
1381- ; a more efficient layout for servers that handle lots of sessions.
1382+ ; store the session data in those directories. This is useful if
1383+ ; your OS has problems with many files in one directory, and is
1384+ ; a more efficient layout for servers that handle many sessions.
13821385;
13831386; NOTE 1: PHP will not create this directory structure automatically.
13841387; You can use the script in the ext/session dir for that purpose.
@@ -1405,7 +1408,7 @@ session.use_cookies = 1
14051408; This option forces PHP to fetch and use a cookie for storing and maintaining
14061409; the session id. We encourage this operation as it's very helpful in combating
14071410; session hijacking when not specifying and managing your own session id. It is
1408- ; not the end all be all of session hijacking defense, but it's a good start.
1411+ ; not the be- all and end- all of session hijacking defense, but it's a good start.
14091412; http://php.net/session.use-only-cookies
14101413session.use_only_cookies = 1
14111414
@@ -1478,14 +1481,14 @@ session.gc_maxlifetime = 1440
14781481
14791482; PHP 4.2 and less have an undocumented feature/bug that allows you to
14801483; to initialize a session variable in the global scope.
1481- ; PHP 4.3 and later will warn you, if this feature is used.
1484+ ; PHP 4.3 and later will warn you if this feature is used.
14821485; You can disable the feature and the warning separately. At this time,
14831486; the warning is only displayed, if bug_compat_42 is enabled. This feature
1484- ; introduces some serious security problems if not handled correctly. It's
1485- ; recommended that you do not use this feature on production servers. But you
1487+ ; introduces some serious security problems if not handled correctly. We
1488+ ; recommend you not use this feature on production servers. You
14861489; should enable this on development servers and enable the warning as well. If you
14871490; do not enable the feature on development servers, you won't be warned when it's
1488- ; used and debugging errors caused by this can be difficult to track down.
1491+ ; used, so debugging errors caused by this can be difficult to track down.
14891492; Default Value: On
14901493; Development Value: On
14911494; Production Value: Off
@@ -1530,7 +1533,7 @@ session.cache_limiter = nocache
15301533session.cache_expire = 180
15311534
15321535; trans sid support is disabled by default.
1533- ; Use of trans sid may risk your users security.
1536+ ; Use of trans sid may risk your users' security.
15341537; Use this option with caution.
15351538; - User may send URL contains active session ID
15361539; to other person via. email/irc/etc.
0 commit comments