CHAPTER 2: CONFIGURING YOUR ENVIRONMENT

One simple way to obtain key information about server characteristics is via the server signature. For example, Apache will broadcast the following information within each response header by default:
Apache/2.2.0 (Unix) PHP/6.0.0 PHP/6.0.0-dev Server at www.example.com Port 80
Disabling expose_php prevents the Web server signature (if enabled) from broadcasting
the fact that PHP is installed. Although you need to take other steps to ensure
sufficient server protection, obscuring server properties such as this one is nonetheless
heartily recommended.
Note: You can disable Apache's broadcast of its server signature by setting ServerSignature to
Off in the httpd.conf file.
Resource Limits
Although PHP's resource-management capabilities were improved in version 5, you
must still be careful to ensure that scripts do not monopolize server resources as a
result of either programmer- or user-initiated actions. Three particular areas where
such overconsumption is prevalent are script execution time, script input processing
time, and memory. Each can be controlled via the following three directives.
max_execution_time = integer
Scope: PHP_INI_ALL; Default value: 30
The max_execution_time parameter places an upper limit on the amount of time,
in seconds, that a PHP script can execute. Setting this parameter to 0 disables any
maximum limit.
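
The settings discussed above (expose_php, ServerSignature and max_execution_time) can be checked mechanically. The following Python audit is an added example, not code from the book; the function names, the sample configuration text and the 30-second threshold are assumptions for illustration, as is treating an unset expose_php as enabled.

```python
import re

# Constructed sample configuration text, not taken from a real server.
SAMPLE_PHP_INI = """\
; constructed sample php.ini
expose_php = On
max_execution_time = 0   ; no limit
"""
SAMPLE_HTTPD_CONF = """\
# constructed sample httpd.conf
ServerSignature On
"""
FALSE_VALUES = {"off", "0", "false", "no", "none", ""}

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # strip ';' comments
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def server_signature(text):
    """Return the last uncommented ServerSignature value, or None if unset."""
    hits = re.findall(r"^[ \t]*ServerSignature\s+(\S+)", text, re.I | re.M)
    return hits[-1].lower() if hits else None

def audit(php_ini, httpd_conf, max_seconds=30):
    """Return a list of (directive, reason) findings for the two files."""
    findings = []
    ini = parse_php_ini(php_ini)
    # Assumption: an unset expose_php is treated as enabled.
    if ini.get("expose_php", "on").lower() not in FALSE_VALUES:
        findings.append(("expose_php", "PHP is advertised in the server signature"))
    raw = ini.get("max_execution_time", "30")     # default value per the text
    try:
        seconds = int(raw)
    except ValueError:
        findings.append(("max_execution_time", f"not an integer: {raw!r}"))
    else:
        if seconds == 0:
            findings.append(("max_execution_time", "0 disables the limit"))
        elif seconds > max_seconds:
            findings.append(("max_execution_time", f"{seconds}s exceeds {max_seconds}s"))
    if server_signature(httpd_conf) in ("on", "email"):
        findings.append(("ServerSignature", "signature footer is enabled"))
    return findings
```

Calling `audit(SAMPLE_PHP_INI, SAMPLE_HTTPD_CONF)` flags all three directives; a file with `expose_php = Off`, a 30-second limit and `ServerSignature Off` returns an empty list.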