PHP

The article contains a list of PHP configuration parameters that can affect the security, performance, and stability of Passwork.

The location of the configuration file depends on the type of installation or the operating system used:

• Linux:
  • DEB — /etc/php/8.3/fpm/php.ini
  • RPM — /etc/php.ini
• Windows Server — C:\Program Files\php8.3\php.ini
• Docker:
  • /<passwork>/conf/php/cli-php.ini
  • /<passwork>/conf/php/fpm-php.ini

Parameter Name	Value	Important	Comment
expose_php	Off	Yes	Hides PHP version information in the web server response headers
display_errors	Off	Yes	Disables output of PHP error information. Should always be Off, as all errors are logged to log files.
post_max_size	10MB		Limits the maximum size of data received from the client, protecting against DOS attacks.
max_execution_time	120 to 600		Maximum script execution time in seconds. Can be increased if necessary
max_input_time	120		Maximum time in seconds to read data from the client.
memory_limit	256MB to 2GB		Maximum amount of RAM a script can use. Can be increased if necessary
max_input_vars	1000		Number of parameters in a POST request. Can be increased if there are issues importing large CSV or JSON files.
session.cookie_lifetime	0		When set to 0, the browser does not store cookies and clears them when the browser restarts
session.use_only_cookies	On	Yes	Session will be transmitted only via cookies
session.use_strict_mode	On	Yes	PHP will not accept session cookies with IDs set by the user rather than issued by PHP. Protects against Cookie Fixation
session.cookie_httponly	On	Yes	Denies access to cookies from JavaScript
session.cookie_secure	On	Yes	Cookies will be available only over HTTPS
session.use_trans_sid	Off	Yes	Prohibits passing the session ID via GET parameters
session.cache_limiter	nocache		Disables cache
session.sid_length	100	Yes	Sets the session ID length. A long session ID protects it from brute force attacks (maximum 256).
session.sid_bits_per_character	5	Yes	Maximum variability of characters in the session ID. '4' (0-9, a-f), '5' (0-9, a-v), '6' (0-9, a-z, A-Z, "-", ","). Value 6 is not supported
session.cookie_domain			If a single domain name is used, it can be specified in this parameter
realpath_cache_size	4096K		Sets the maximum amount of memory allocated for caching the result of the realpath() function
realpath_cache_ttl	600		Defines the time (in seconds) during which entries in the realpath() cache are considered valid