| allow_url_fopen |
Warning
allow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead.
| Current Value: |
1 |
| Recommended Value: |
0 |
|
| display_errors |
Notice
display_errors is enabled. This is not recommended on "production" servers, as it could reveal sensitive information. You should consider disabling this feature.
| Current Value: |
1 |
| Recommended Value: |
0 |
|
| expose_php |
Notice
expose_php is enabled. This adds the PHP "signature" to the web server header, including the PHP version number. This could attract attackers looking for vulnerable versions of PHP.
| Current Value: |
1 |
| Recommended Value: |
0 |
|
| file_uploads |
Notice
file_uploads are enabled. If you do not require file upload capability, consider disabling them.
| Current Value: |
1 |
| Recommended Value: |
0 |
|
| group_id |
Warning
PHP may be executing as a "privileged" group, which could be a serious security vulnerability.
| Current Value: |
70 |
| Recommended Value: |
100 |
|
| magic_quotes_gpc |
Notice
magic_quotes_gpc is enabled. This feature is inconsistent in blocking attacks, and can in some cases cause data loss with uploaded files. You should not rely on magic_quotes_gpc to block attacks. It is recommended that magic_quotes_gpc be disabled, and input filtering be handled by your PHP scripts.
| Current Value: |
1 |
| Recommended Value: |
0 |
|
| memory_limit |
Warning
memory_limit does not appear to be enabled. This leaves the server vulnerable to attacks that attempt to exhaust resources and creates an environment where poor programming practices can propagate unchecked. This must be enabled at compile time by including the parameter "--enable-memory-limit" in the configure line. Once enabled, "memory_limit" may be set in php.ini to define the maximum amount of memory a script is allowed to allocate.
| Current Value: |
0 |
| Recommended Value: |
8388608 |
|
| open_basedir |
Notice
open_basedir is disabled. When this is enabled, only files that are in the given directory/directories and their subdirectories can be read by PHP scripts. You should consider turning this on. Keep in mind that other web applications not written in PHP will not be restricted by this setting.
| Current Value: |
0 |
| Recommended Value: |
1 |
|
| post_max_size |
Notice
post_max_size is not enabled, or is set to a high value. Allowing a large value may open up your server to denial-of-service attacks.
| Current Value: |
8388608 |
| Recommended Value: |
262144 |
|
| register_globals |
Pass
register_globals is disabled, which is the recommended setting.
| Current Value: |
0 |
| Recommended Value: |
0 |
|
| upload_max_filesize |
Notice
upload_max_filesize is not enabled, or is set to a high value. Are you sure your apps require uploading files of this size? If not, lower the limit, as large file uploads can impact server performance.
| Current Value: |
2097152 |
| Recommended Value: |
262144 |
|
| upload_tmp_dir |
Notice
upload_tmp_dir is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access temporary copies of files uploaded via your PHP scripts. You should set upload_tmp_dir to a non-world-readable directory.
| Current Value: |
(0) |
| Recommended Value: |
A non-world readable/writable directory |
|
| user_id |
Warning
PHP may be executing as a "privileged" user, which could be a serious security vulnerability.
| Current Value: |
70 |
| Recommended Value: |
100 |
|