PHP Experts - I have not worked extensively in PHP until now and am setting up a new PHP on a Windows server using Plesk and PHP 5.4.15. There are some settings I would like some opinions on. I don't need each one, just any few of these you have a strong opinion on.
For instance, there is an option for error reporting to go to a file inside or outside the webroot. If there is an error, I just don't want the actual error to be available except on the server, like ASP, if that is possible.
The maximum amount of memory in bytes a script is allowed to allocate. Set the value to -1 to have no memory limit (not recommended). Use shortcuts for byte values: K (kilo), M (mega), and G (giga). For example, 128M.
The maximum time in seconds a script is allowed to run before it is terminated.
The maximum time in seconds a script is allowed to parse input data.
The maximum size in bytes of data that can be posted with the POST method. Typically, should be larger than upload_max_filesize and smaller than memory_limit. Use shortcuts for byte values: K (kilo), M (mega), and G (giga). For example, 128M.
The maximum size in bytes of an uploaded file. Use shortcuts for byte values: K (kilo), M (mega), and G (giga). For example, 128M.
(Removed in PHP 5.4.0) Enables PHP safe mode. This mode puts a number of restrictions on scripts (say, access to file system) mainly for security reasons.
(Removed in PHP 5.4.0) If PHP is in the safe mode and a script tries to access some files, files from this directory will bypass security (UID/GID) checks. The directory must also be in include_path. For example: /dir/inc
(Removed in PHP 5.4.0) If PHP is in the safe mode, scripts can execute external programs located only in this directory. For example: /dir/external
The list of directories where scripts look for files (similar to system's PATH variable). To separate directories, use a colon (:) on Linux and a semicolon (;) on Windows. For example, on Linux: .:/dir/inc:/usr/lib/php
The directory where PHP writes session data (files). For example: /dir/tmp
Additional parameters for the mail() function used to send mail. For example, to use your custom Sendmail configuration: -C /dir/conf.cf
Tells whether to register the contents of the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables. When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This option is a great security risk, thus do not turn it on without necessity.
The list of directories used to limit the files that can be opened by PHP. If the file is outside the specified directories, PHP scripts will refuse to open it. To separate directories, use a colon (:) on Linux and a semicolon (;) on Windows. For example, on Linux: /dir/upload:/usr/tmp
The error reporting level.
Determines whether errors should be printed to the screen as part of the output or if they should not be shown to a user.
Tells whether to log errors. By default, errors are logged in the server's error log. Use the error_log directive to specify the path to your own log file.
Allows PHP file functions to retrieve data from remote locations over FTP or HTTP. This option is a great security risk, thus do not turn it on without necessity.
Allows uploading files over HTTP.
Allows the short form (<? ?>) of PHP's open tag.
(Removed in PHP 5.4.0) Sets the magic_quotes state for the GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash), and NULL special characters are escaped with the \ (backslash) automatically.
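Added example, not part of the original post and not Plesk's code: a small Python check that reads a php.ini and flags the settings described above that expose errors to visitors, place the error log under the webroot, enable the options the descriptions call a security risk, or break the size ordering given for the POST and upload limits. The sample ini, the site paths, the fallback defaults and the function names are all assumptions made for the illustration.

```python
import configparser
import ntpath

# Constructed sample php.ini; the site paths are hypothetical.
SAMPLE_INI = r"""
[PHP]
post_max_size = 8M
upload_max_filesize = 16M
display_errors = On
log_errors = On
error_log = "C:\inetpub\vhosts\example.com\httpdocs\logs\php_errors.log"
allow_url_fopen = On
"""
WEBROOT = r"C:\inetpub\vhosts\example.com\httpdocs"  # hypothetical webroot
# Assumed built-in values for directives the file omits.
DEFAULTS = {"memory_limit": "128M", "post_max_size": "8M", "upload_max_filesize": "2M",
            "display_errors": "1", "log_errors": "1", "allow_url_fopen": "1"}
UNITS = {"K": 1024, "M": 1024**2, "G": 1024**3}

def to_bytes(value):
    """Convert PHP shorthand such as 128M or 1G to bytes (-1 = no limit)."""
    unit = value[-1:].upper()
    return int(value[:-1]) * UNITS[unit] if unit in UNITS else int(value)

def inside(path, root):
    """True if a Windows path is root itself or lies beneath it."""
    path = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(root))
    return path == root or path.startswith(root + "\\")

def audit(ini_text, webroot):
    """Return the directives whose values warrant review."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(ini_text)
    php = {**DEFAULTS, **{k: v.strip().strip('"') for k, v in cp["PHP"].items()}}
    on = lambda k: php.get(k, "0").lower() in ("1", "on", "true", "yes")
    # Errors shown to visitors, remote file access, request data as globals.
    found = [k for k in ("display_errors", "allow_url_fopen", "register_globals") if on(k)]
    if not on("log_errors"):
        found.append("log_errors")        # nothing recorded server-side
    if php.get("error_log") and inside(php["error_log"], webroot):
        found.append("error_log")         # log file could be fetched over HTTP
    mem, post, upload = (to_bytes(php[k]) for k in
                         ("memory_limit", "post_max_size", "upload_max_filesize"))
    if mem == -1:
        found.append("memory_limit")      # no memory limit at all
    if post < upload or (mem != -1 and post > mem):
        found.append("post_max_size")     # should sit between the other two
    return found

if __name__ == "__main__":
    print(audit(SAMPLE_INI, WEBROOT))
```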