hi,
after my host moved my account from old server (shared hosting) with php
4.4.7, mysql 4.x to new one with php 5.x and mysql 5.x. nice. they did
it fast and without problems.
but then I realized that every folder has it's own php.ini file?!?
I "talked" to them (live chat) about this and they told me "that is how
our system is setup":

"...
afan [20:25]: why is now different then before?
xxxx [20:25]: That is not different. That has always been the case.
You may not have had a php.ini in every folder, but every folder still
needed its own php.ini if you wanted to change the php settings.
afan [20:27]: I don't understand why I should have php.ini in every
folder? it's like having admin area for each folder?
xxxx [20:28]: You don't have to if you don't want to, but that is how
our system is setup, so unless you don't want to change settings for all
of your folders, you'll want to leave those there.
afan [20:29]: ok. in case I want to change something in php.ini, how to
do it on all php.ini files?
xxxx [20:29]: You would change one php.ini file, then visit the link I
provided, and that will show you how to copy that to all folders.
...."

and I got the link with script how to change EVERY php.ini on my account
(with over 10 addon domain).

I still think that's not correct. I need your opinion.

Thanks.

-afan

On Jan 5, 2008 2:35 AM, Afan Pasalic <afan@afan.net> wrote:
> hi,
> after my host moved my account from old server (shared hosting) with php
> 4.4.7, mysql 4.x to new one with php 5.x and mysql 5.x. nice. they did
> it fast and without problems.
> but then I realized that every folder has it's own php.ini file?!?
> I "talked" to them (live chat) about this and they told me "that is how
> our system is setup":
>
> "...
> afan [20:25]: why is now different then before?
> xxxx [20:25]: That is not different. That has always been the case.
> You may not have had a php.ini in every folder, but every folder still
> needed its own php.ini if you wanted to change the php settings.
> afan [20:27]: I don't understand why I should have php.ini in every
> folder? it's like having admin area for each folder?
> xxxx [20:28]: You don't have to if you don't want to, but that is how
> our system is setup, so unless you don't want to change settings for all
> of your folders, you'll want to leave those there.
> afan [20:29]: ok. in case I want to change something in php.ini, how to
> do it on all php.ini files?
> xxxx [20:29]: You would change one php.ini file, then visit the link I
> provided, and that will show you how to copy that to all folders.
> ..."
>
> and I got the link with script how to change EVERY php.ini on my account
> (with over 10 addon domain).
>
> I still think that's not correct. I need your opinion.

I'm not entirely sure why your host found it necessary to provide
a php.ini file in every directory, but the fact is, it's safe to
delete all of them if you want. They're just there to allow you to
override certain settings (INI_PERDIR settings, for example).


--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

That was my thought too, but, when I create new folder - it will
automatically create php.ini inside and there is no point of deleting them.

HOW insecure it is? Because, since you know there is php.ini you can
easy open every of them (http://mydomain.com/gallery/images/php.ini) and
look. Isn't is vulnerable point?

-afan



Daniel Brown wrote:
> On Jan 5, 2008 2:35 AM, Afan Pasalic <afan@afan.net> wrote:
>> hi,
>> after my host moved my account from old server (shared hosting) with php
>> 4.4.7, mysql 4.x to new one with php 5.x and mysql 5.x. nice. they did
>> it fast and without problems.
>> but then I realized that every folder has it's own php.ini file?!?
>> I "talked" to them (live chat) about this and they told me "that is how
>> our system is setup":
>>
>> "...
>> afan [20:25]: why is now different then before?
>> xxxx [20:25]: That is not different. That has always been the case.
>> You may not have had a php.ini in every folder, but every folder still
>> needed its own php.ini if you wanted to change the php settings.
>> afan [20:27]: I don't understand why I should have php.ini in every
>> folder? it's like having admin area for each folder?
>> xxxx [20:28]: You don't have to if you don't want to, but that is how
>> our system is setup, so unless you don't want to change settings for all
>> of your folders, you'll want to leave those there.
>> afan [20:29]: ok. in case I want to change something in php.ini, how to
>> do it on all php.ini files?
>> xxxx [20:29]: You would change one php.ini file, then visit the link I
>> provided, and that will show you how to copy that to all folders.
>> ..."
>>
>> and I got the link with script how to change EVERY php.ini on my account
>> (with over 10 addon domain).
>>
>> I still think that's not correct. I need your opinion.
>
> I'm not entirely sure why your host found it necessary to provide
> a php.ini file in every directory, but the fact is, it's safe to
> delete all of them if you want. They're just there to allow you to
> override certain settings (INI_PERDIR settings, for example).
>
>

On Jan 5, 2008 11:20 AM, Afan Pasalic <afan@afan.net> wrote:
> That was my thought too, but, when I create new folder - it will
> automatically create php.ini inside and there is no point of deleting them.
>
> HOW insecure it is? Because, since you know there is php.ini you can
> easy open every of them (http://mydomain.com/gallery/images/php.ini) and
> look. Isn't is vulnerable point?

Using .htaccess you can disallow viewing of the file.

If you use phpinfo(); anywhere in your site, that actually
divulges more information, because that will disclose the availability
and configuration of external modules, users on the server, path
information, and more.

--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.