问题描述
如何确保使用的.htaccess或自定义的php.ini用户不能覆盖该设置任何提示的配置,我应该用
How to make sure the user cannot override the setting using .htaccess or custom php.iniany tips for configuration i should use
推荐答案
要prevent用户设置在.htaccess文件PHP配置值,不给的AllowOverride选项
在其虚拟主机的权限。
To prevent users setting PHP config values in .htaccess files, do not give AllowOverride Options
permissions on their virtual hosts.
另外,安装PHP作为CGI而不是作为一个Apache模块,CGI版本不受.htaccess文件。然而,由于PHP 5.3.0,PHP CGI并分析每个目录的php.ini文件。我不知道一个方法,打开这个功能的。
Alternatively, install PHP as CGI instead of as an Apache module, as the CGI version is unaffected by .htaccess files. However, since PHP 5.3.0, PHP CGI does parse per-directory php.ini files. I am not aware of a method that turns this off.
编辑:我刚刚看到了这一点,在最新的默认的php.ini:
I've just seen this in the latest default php.ini:
; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory. Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from www.example.com. Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
; http://php.net/ini.sections
所以,如果你把指令在主的php.ini下每个目录的标题,他们不能被覆盖。但缺点是,你必须要做到这一点每一个虚拟主机所以它会在那里有许多或者是经常被添加新的环境皮塔。
So if you put directives in your main php.ini under per-directory headings they cannot be overridden. However, the downside is that you'll have to do this for every virtual host so it'll be a PITA in environments where there are many or where new ones are frequently added.
再次编辑:
进一步阅读透露这一点:
Further reading has revealed this:
; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =
所以才取消注释最后一行禁用每个用户的ini文件。 : - )
So just uncomment that last line to disable per-user ini files. :-)
这篇关于如何prevent使用的.htaccess或自定义的php.ini覆盖设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!