php.ini_securitynotes

author Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>

Sat, 2 May 2015 08:26:52 +0000 (10:26 +0200)

committer Ondřej Surý <ondrej@debian.org>

Fri, 30 Aug 2024 09:13:51 +0000 (11:13 +0200)
author Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Sat, 2 May 2015 08:26:52 +0000 (10:26 +0200)
committer Ondřej Surý <ondrej@debian.org>
Fri, 30 Aug 2024 09:13:51 +0000 (11:13 +0200)
diff --git a/php.ini-development b/php.ini-development

index 5fb106682cb8d3880a1150e834b1a2dd16f5af44..e53f0ce3bb6f36eccbd078939beb7412415f80d3 100644 (file)
--- a/php.ini-development
+++ b/php.ini-development
@@ -315,6 +315,12 @@ serialize_precision = -1
  ; or per-virtualhost web server configuration file.
  ; Note: disables the realpath cache
  ; https://php.net/open-basedir
+
+; NOTE: this is considered a "broken" security measure.
+;       Applications relying on this feature will not receive full
+;       support by the security team.  For more information please
+;       see /usr/share/doc/php-common/README.Debian.security
+;
  ;open_basedir =
  
  ; This directive allows you to disable certain functions.
@@ -1369,7 +1375,7 @@ session.save_handler = files
  ; where MODE is the octal representation of the mode. Note that this
  ; does not overwrite the process's umask.
  ; https://php.net/session.save-path
-;session.save_path = "/tmp"
+;session.save_path = "/var/lib/php/sessions"
  
  ; Whether to use strict session mode.
  ; Strict session mode does not accept an uninitialized session ID, and
author	Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
	Sat, 2 May 2015 08:26:52 +0000 (10:26 +0200)
committer	Ondřej Surý <ondrej@debian.org>
	Fri, 30 Aug 2024 09:13:51 +0000 (11:13 +0200)