Skip to main content
Version: 7.0

PHP

The article contains a list of PHP configuration parameters that can affect the security, performance, and stability of Passwork.

The location of the configuration file depends on the type of installation or the operating system used:

  • Linux:
    • DEB — /etc/php/8.3/fpm/php.ini
    • RPM — /etc/php.ini
  • Windows Server — C:\Program Files\php8.3\php.ini
  • Docker:
    • /<passwork>/conf/php/cli-php.ini
    • /<passwork>/conf/php/fpm-php.ini
Parameter NameValueImportantComment
expose_phpOffYesHides PHP version information in the web server response headers
display_errorsOffYesDisables output of PHP error information. Should always be Off, as all errors are logged to log files.
post_max_size10MBLimits the maximum size of data received from the client, protecting against DOS attacks.
max_execution_time120 to 600Maximum script execution time in seconds. Can be increased if necessary
max_input_time120Maximum time in seconds to read data from the client.
memory_limit256MB to 2GBMaximum amount of RAM a script can use. Can be increased if necessary
max_input_vars1000Number of parameters in a POST request. Can be increased if there are issues importing large CSV or JSON files.
session.cookie_lifetime0When set to 0, the browser does not store cookies and clears them when the browser restarts
session.use_only_cookiesOnYesSession will be transmitted only via cookies
session.use_strict_modeOnYesPHP will not accept session cookies with IDs set by the user rather than issued by PHP. Protects against Cookie Fixation
session.cookie_httponlyOnYesDenies access to cookies from JavaScript
session.cookie_secureOnYesCookies will be available only over HTTPS
session.use_trans_sidOffYesProhibits passing the session ID via GET parameters
session.cache_limiternocacheDisables cache
session.sid_length100YesSets the session ID length. A long session ID protects it from brute force attacks (maximum 256).
session.sid_bits_per_character5YesMaximum variability of characters in the session ID. '4' (0-9, a-f), '5' (0-9, a-v), '6' (0-9, a-z, A-Z, "-", ","). Value 6 is not supported
session.cookie_domainIf a single domain name is used, it can be specified in this parameter
realpath_cache_size4096KSets the maximum amount of memory allocated for caching the result of the realpath() function
realpath_cache_ttl600Defines the time (in seconds) during which entries in the realpath() cache are considered valid