php.ini安全配置

1.session.use_cookies = 1

2.session.use_only_cookies = 1

3.short_open_tag = On

4.allow_url_fopen = Off

5.allow_url_include = Off

6.disable_functions =phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_set,ini_restore,pfsockopen,dl,pfsockopen,syslog,readlink,symlink,popen,stream_socket_server,putenv,

7.display_errors = Off;生产环境关闭，调试开启

8.enable_dl = Off

9.error_reporting=E_ALL

10.file_uploads = Off;看需要开启

11.

12.magic_quotes_gpc = Off

13.memory_limit=8;看情况调节

14.open_basedir =D:/www;看情况调节

15.register_globals=Off

16.safe_mode=On

17.session.save_handler = files;建议改为数据库存储

18.mysql密码管理 建议建立一db.inc文件，内容为

SetEnv DB_USER "root"
SetEnv DB_PASS ""

SetEnv DB_HOST "localhost"

然后修改httpd.conf，添加以下内容

Include "d:/pass.txt"

php文件中使用mysql链接

mysqli($_SERVER['DB_HOST'],$_SERVER['DB_USER'],$_SERVER['DB_PASS']);

19.