Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:70217 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 93298 invoked from network); 20 Nov 2013 09:39:10 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Nov 2013 09:39:10 -0000 Authentication-Results: pb1.pair.com smtp.mail=rquadling@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=rquadling@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.170 as permitted sender) X-PHP-List-Original-Sender: rquadling@gmail.com X-Host-Fingerprint: 209.85.223.170 mail-ie0-f170.google.com Received: from [209.85.223.170] ([209.85.223.170:64974] helo=mail-ie0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 61/01-20870-D338C825 for ; Wed, 20 Nov 2013 04:39:10 -0500 Received: by mail-ie0-f170.google.com with SMTP id qd12so4021925ieb.15 for ; Wed, 20 Nov 2013 01:39:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=BlTb11JtMTCrEFsM6szngPVq5hct4IsslgbuCHH81dI=; b=Di56qmGiqgtFZZk8W1AQbYsIzoSUUMxTEfGo22pasrnp53qhpXaOuqryVRp/ATqHS1 zDM9wwYu7VZcYFNHg6+byFjailp+tOKz07yr2/kUrZAIzXSr1RoNxscTaewiJHxFXkPO i/mxvi7TVmFE8/kUcBhLUS72QKBOdMLB9A8JW6NtrJ+URjxE0KQUC1QeRBnfDT8Cdhup z+bS54c7qr3kC/rwPxsLujtno9AvaRvEO/Lm7jgS7GJpFDTSLECtmhpKcgEanOmZPLKP AAFUVBwJMHjP+Lqka4ZVchClXtVx+A0ylBJyjhmm2s6POlrL+E2HnpMhqfkFKPImrWeg tHKw== X-Received: by 10.50.55.106 with SMTP id r10mr257209igp.45.1384940346758; Wed, 20 Nov 2013 01:39:06 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.223.10 with HTTP; Wed, 20 Nov 2013 01:38:46 -0800 (PST) Reply-To: RQuadling@GMail.com In-Reply-To: References: Date: Wed, 20 Nov 2013 09:38:46 +0000 Message-ID: To: Sebastian Krebs Cc: PHP internals Content-Type: multipart/alternative; boundary=047d7b10ce43675f5d04eb988de0 Subject: Re: [PHP-DEV] Allowing [SAPI=] entries in ini files. From: rquadling@gmail.com (Richard Quadling) --047d7b10ce43675f5d04eb988de0 Content-Type: text/plain; charset=UTF-8 On 19 November 2013 18:51, Sebastian Krebs wrote: > > > > 2013/11/16 Richard Quadling > >> Hi. >> >> I created a patch https://github.com/php/php-src/pull/466 to allow ini >> files to have a SAPI section, just like they can have a HOST and PATH >> section. >> >> My use case is that the provider we are currently using does not allow us >> to have our own INI file, just the additional directory, and there is no >> way to differentiate between a CLI and a FAST-CGI setup in the additional >> directory. >> >> The patch allows [SAPI=xxx] sections and they operate in a very similar >> way >> to the [HOST] and [PATH] sections. >> >> Please can this be considered for inclusion into PHP at some stage. >> >> Regards, >> >> Richard Quadling. >> > > > Hi, > > Just my 2 cents, but that sounds more like an issue with your > provider/hoster and not with PHP. I always thought of the additional > php.ini as a way to change some details and not a way to set up the whole > runtime. Especially when a user has write access to that file it seems to > me also an security issue, when PHP allows to set/change critical settings > there. > > tl;dr: There is probably a reason, why your provider doesn't allow you to > change php.ini settings directly. > > Regards, > Sebastian > > They run a LOT of different security setups for each SAPI. Each with it's own chroot'd environment. And for us to be able to configure all the setups with the same settings that we supply via our repo, it was set to use the additional directory. But we have CLI (for crontab) and FastCGI setups. All extensions are loaded via a separate ini file (seems a consistent pattern I've seen before). But no mechanism to say xxx-cli.ini or xxx-fastcgi.ini (for example) in the additional directory. The patch allows ANY ini file to have [SAPI=xxxx] sections. This can act as an alternative to having separate ini files for each SAPI when only one or 2 settings may be different. Richard. -- Richard Quadling --047d7b10ce43675f5d04eb988de0--