Follow the below settings for achieving better performace.
register_globals = Off
Register_globals is fortunately since PHP 4.2.0 is disabled by default. If this setting to On, it is possible to all super global associative array of records ($ _POST, $ _GET, $ _REQUEST, $ _SESSION, $ _COOKIE, $ _SERVER, etc.) as a variable access. $ _SERVER [ 'PHP_SELF'] then has the same content as $ PHP_SELF. And this is precisely what is a security risk if variables are not properly initialized. Therefore, these parameters are always off. If your own or third party scripts will no longer work, it is advisable to rewrite it rather than on register_globals to be on!
And quite incidentally eats memory, of course, to now back in the direction of performance-redirect, because every array entry must be an additional variable load.
expose_php = Off
This setting adds - if they are to On - any HTTP response header entry, that the page was created with PHP. This is unnecessary, because your users are not interested anyway. Interesting but very probably hackers, because the more the infrastructure on the one side, the easier it gets. And out of sight performance, the added header entry of course be transferred to the client. So better off to make.
register_argc_argv = OffThis setting is only useful if you PHP from the command calls and wants mitgeben parameters (as in C, these happen to be in argv and the number of parameters in argc). Who does not do so, you can safely disable register_argc_argv since then less memory is occupied.
always_populate_raw_post_data = Off
If this setting is enabled, then $ HTTP_RAW_POST_DATA filled. I've never needed. But you should look at the foreign scripts eigesetzten see if the use of this variable. Wordpress does this, for example, but is so smart (because it was on as many server configurations to run), not to leave, because if always_populate_raw_post_data Off is on, you can still input stream and then retrieve the same data:
if ( ! isset ( $HTTP_RAW_POST_DATA ) ) {
$HTTP_RAW_POST_DATA = file_get_contents ( ‘php://input’ ) ;
}
It was briefly mentioned here, just like us to work with PHP Streams makes, because you can simply treat such files - great if you compare times with Java ...
In consequence always_populate_raw_post_data can always be turned off and let the above snippet to be built. Otherwise, pull the server at times, etc. and suddenly nothing is more. Is also an additional security.
Please make these settings but not simply and well, but after switching to test your project and enabled the best and the PHP error log and provide error reporting to E_ALL, so that you can see, if something goes wrong. Optimal would be of course a separate development server - at any rate, it is not recommended, without testing the settings. If someone other tricks in php.ini (in terms of performance or security) knows, I would be happy about comments.
No comments:
Post a Comment