PHP
The article contains a list of PHP configuration parameters that can affect the security, performance, and stability of Passwork.
The location of the configuration file depends on the type of installation or the operating system used:
- Linux:
  - DEB — /etc/php/8.3/fpm/php.ini
  - RPM — /etc/php.ini
- Windows Server — C:\Program Files\php8.3\php.ini
- Docker:
  - /<passwork>/conf/php/cli-php.ini
  - /<passwork>/conf/php/fpm-php.ini

| Parameter Name | Value | Important | Comment |
|---|---|---|---|
| expose_php | Off | Yes | Hides PHP version information in the web server response headers |
| display_errors | Off | Yes | Disables output of PHP error information. Should always be Off, as all errors are logged to log files. |
| post_max_size | 10MB | | Limits the maximum size of data received from the client, protecting against DoS attacks. |
| max_execution_time | 120 to 600 | | Maximum script execution time in seconds. Can be increased if necessary |
| max_input_time | 120 | | Maximum time in seconds to read data from the client. |
| memory_limit | 256MB to 2GB | | Maximum amount of RAM a script can use. Can be increased if necessary |
| max_input_vars | 1000 | | Number of parameters in a POST request. Can be increased if there are issues importing large CSV or JSON files. |
| session.cookie_lifetime | 0 | | When set to 0, the browser does not store cookies and clears them when the browser restarts |
| session.use_only_cookies | On | Yes | Session will be transmitted only via cookies |
| session.use_strict_mode | On | Yes | PHP will not accept session cookies with IDs set by the user rather than issued by PHP. Protects against Cookie Fixation |
| session.cookie_httponly | On | Yes | Denies access to cookies from JavaScript |
| session.cookie_secure | On | Yes | Cookies will be available only over HTTPS |
| session.use_trans_sid | Off | Yes | Prohibits passing the session ID via GET parameters |
| session.cache_limiter | nocache | | Disables cache |
| session.sid_length | 100 | Yes | Sets the session ID length. A long session ID protects it from brute force attacks (maximum 256). |
| session.sid_bits_per_character | 5 | Yes | Maximum variability of characters in the session ID. '4' (0-9, a-f), '5' (0-9, a-v), '6' (0-9, a-z, A-Z, "-", ","). Value 6 is not supported |
| session.cookie_domain | | | If a single domain name is used, it can be specified in this parameter |
| realpath_cache_size | 4096K | | Sets the maximum amount of memory allocated for caching the result of the realpath() function |
| realpath_cache_ttl | 600 | | Defines the time (in seconds) during which entries in the realpath() cache are considered valid |
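
An added example, not part of the Passwork documentation: a small Python audit that checks a php.ini against the rows the table marks Important. `REQUIRED`, `parse_ini`, `audit` and the sample file are constructed for this illustration; a directive missing from the file is reported as `<unset>` so that PHP's built-in default for it gets checked.

```python
# Rows the table marks "Important: Yes", with the value it recommends.
REQUIRED = {
    "expose_php": "off", "display_errors": "off",
    "session.use_only_cookies": "on", "session.use_strict_mode": "on",
    "session.cookie_httponly": "on", "session.cookie_secure": "on",
    "session.use_trans_sid": "off",
    "session.sid_length": "100", "session.sid_bits_per_character": "5",
}
# php.ini accepts several spellings for booleans; fold them to on/off.
TRUE = {"1", "on", "yes", "true"}
FALSE = {"0", "off", "no", "false", "none", ""}

def parse_ini(text):
    """Return {directive: value}; as in PHP, the last assignment wins."""
    found = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ; comments
        if line.startswith("[") or "=" not in line:
            continue  # blank line, section header, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        found[key] = value.strip("\"'")
    return found

def audit(text):
    """Return (directive, actual, expected) for each deviating Important row."""
    findings, ini = [], parse_ini(text)
    for key, expected in REQUIRED.items():
        raw = ini.get(key)
        # Unset directives are reported so PHP's built-in default gets checked.
        actual = "<unset>" if raw is None else raw.lower()
        actual = "on" if actual in TRUE else "off" if actual in FALSE else actual
        if actual != expected:
            findings.append((key, actual, expected))
    return findings

# Constructed sample file, not taken from a real Passwork server.
SAMPLE = """\
[PHP]
expose_php = On
display_errors = Off          ; errors go to the log files
[Session]
session.use_only_cookies = 1
session.use_strict_mode = 0
session.cookie_httponly = On
session.cookie_secure = On
session.sid_length = 32
session.sid_bits_per_character = 5
session.use_strict_mode = 1
"""
```

Calling `audit(SAMPLE)` flags `expose_php`, the missing `session.use_trans_sid` and the short `session.sid_length`; the repeated `session.use_strict_mode` passes because the later assignment overrides the earlier one.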