Safe_Mode and register_globals, on or off for best security?
Hello all, I have been having some load trouble with my VPS so I was going through the settings on the server to try and see if I could stop some it by changing some settings. WHile looking through the PHP COnfiguration Editor I noticed that safe_mode and register_globals are both turned off.
For security reasons, which is the best setting for those. Should I trun them on, or leave them off?
safe_mode should be on, register_global should be off.
GPLHost:>_ open source hosting worldwide (I'm founder, CEO & official Debian Developer)
Servers & our leading control panel and our Xen VPS hosting, which are already included in Debian and Ubuntu
Available in: Kuala Lumpur, Singapore, Sydney, Seattle, Atlanta, Paris, London, Barcelona, Zurich, Israel
Register globals should probably be set to "off" regardless. As far as safe mode goes, I've read a bit of debate, but here's what a Joomla doc/article has to say:
Enabling safe_mode is not needed if other reasonable security precautions are followed. Using safe_mode for web site security is a poor compromise in a bad situation. It may make sense in some situations, but there is almost always a better way. Because safe_mode in some sense only gives the illusion of safety, it will be removed from PHP starting with version 6.0.
In any case, since both will be gone eventually anyway, may as well keep them both off.