Talk:Security Considerations

From Habari Project

  • We should provide a reference to the default PHP session lifetime, so that folks know what to expect. Linux distributions and hosting providers might change this value, but the PHP default should be listed / referenced.
  • "For example, on shared machines," -- this should be clarified to state "shared workstations" or similar, to disambiguate it from a shared-hosting environment.
  • PHP-as-CGI: is there a way for a user to easily determine how PHP is running on their host? This should be documented first, so that the user can skip the bits that don't immediately apply to their situation.
    • Why not have Habari install the SQLite file directly outside the docroot? You can pass a full path to the installer, of the sort /home/user/db/habari.db.
    • I dislike seeing us advocate relative paths in the config.php. I'd rather see an absolute path.
  • PHP-as-module: I think the DSN listed is incorrect. It appears to be missing a /www prefix.
    • I suggest we reproduce the .htaccess file in both sections, so as to minimize confusion.

I've added information on how to check if PHP is run as a CGI. -- michaeltwofish 13:35, 14 March 2008 (UTC)
