Kayla

H

I'd like to say this happened like 2 years too late... but oh well.

Does the php.ini thing mean people actually have full control over the configuration of PHP on their account?

Kayla

Full, not as in go crazy and take over the server with your c0dez, but full as in: we previously controlled PHP configuration largely by files that orchestrated all accounts on the server at once. It looked a lot like this, you could say!



Now we are focusing more on the unique needs of each user and ready to help them with more customization. Could this cause problems on the new servers? That's ALWAYS a concern. So far everything looks ok!

Kayla

There are some things I am still trying to figure out myself though.
I thought with PHP5 if you place the php.ini file in public_html, it sets those rules for all other folders. Apparently with the WordPress issue earlier, that isn't so. It seems any folder can have it's own version of the file.

But isn't that a GOOD thing?

H

Actually, I'm seeing the full configuration thing as something good. I'm sure by default it uses a Surpass provided one, correct? (mt) does this and it was pretty sweet that I could disable some of the nasty things like magic_quotes, register_globals, etc... And it's the worst when someone decides to change the configuration, totally messing up your site because it depended on a function that was disabled. Good news for those that still use PHP.

H

It can be good yeah... Harden your php.ini globally and then open up other stuff as needed on a folder basis.

Mark

No more remote includes exploits by default yay!

MarkRH

I had them change the behavior on my server some time ago to where I could use my own PHP.INI files for PHP5 stuff. Actually, I think my PHP.INI file settings are more secure/efficient than the server's default.. the PHP.INI in my public_html folder does control how php behaves for any php file in any folder of that domain. I have a separate PHP.INI for each one of my subdomains and add-on domains. If I didn't do that, it would use the default server config. One thing I like is being able to make the error_log file be the same physical file for all my domains that way I only have to check that one file for errors being generated from any script.

jdcopelin

Any idea how they accomplished these things?

I would really like a single php.ini file in the public_html folder to control the sub-folders of that domain. So far I haven't found a way to do that.

Also, having just the one error_log file sounds good, it would save so much time trawling through every users cpanel to check for errors... although in my current set-up I sometimes get error_log files created in the directory of the php file that got the error (rather than in the cpanel error_log) which can be a problem during development. Never found a way to stop this - from what I've read it is a drawback of using phpsuexec.

Any ideas?

Cheers
Jonathan