Production readiness / secure by default #692
Comments
We don't currently do anything special with php/7.2/stretch/cli/Dockerfile Lines 125 to 172 in d6b950c
Perhaps there's more we could do to make it easier to switch to upstream's recommended "production" configuration?
@tianon Thanks for your quick feedback! (Your open source contributions are impressive!) I thought about this for a bit. I think it is unrealistic that upstream (php-src) will change anything about their defaults. Shipping the I thought about your suggestion on how to make it easier to switch to upstream's production config.
And of course this should also be documented in the readme.
That's a great idea. 👍 (#711)
Describe the problem

I recently noticed that the PHP image `php:7.2-fpm-alpine` comes with the setting `display_errors = On` by default.

This was a bit problematic for me, because this setting exposed the mysqli connection credentials from my WordPress site by displaying an error with all connection details. (Yes, I should have disabled the WordPress debug mode.)

What is the desired behaviour?

I expect the official PHP docker images to ship the `php.ini-production` config in order to be secure by default and production ready.

The official production config sets `display_errors` to `Off`: https://github.com/php/php-src/blob/php-7.2.8/php.ini-production#L477

Possible solutions

- `php.ini-production` by default
- Make it clear in docs to disable `display_errors` if the image is used in production.
- `display_errors` to `Off` if no `php.ini` is found (I think that's the case for these docker images, I couldn't find a `php.ini` file)

Related issues
Relates to docker-library/wordpress#148.
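
An added example, not part of the original issue or of the docker-library code: a shell check that reports the `display_errors` value a given ini file gives PHP, treating a missing file or missing directive as PHP's built-in default of on, which is the situation described above. The function names are hypothetical, and only plain `key = value` lines are assumed.

```shell
#!/bin/sh
# Added example: audit the display_errors value PHP would read from an ini file.
# Assumption: plain "key = value" lines; per-host/per-path sections are not handled.

# Print the effective display_errors value for the ini file in $1.
# With no ini file PHP falls back to its compiled-in default, which is "1" (on).
effective_display_errors() {
    ini=$1
    if [ ! -f "$ini" ]; then
        echo "1"
        return 0
    fi
    # Drop ';' comments, match the directive name exactly, last assignment wins.
    # Directive absent from the file: the compiled-in default "1" applies.
    sed -e 's/;.*$//' "$ini" |
        awk -F= '$1 ~ /^[ \t]*display_errors[ \t]*$/ {
                     v = $2; gsub(/[ \t\r"]/, "", v); last = v; seen = 1
                 }
                 END { if (seen) print last; else print "1" }'
}

# Return 0 when errors are not sent to the client, 1 otherwise.
# Unrecognised values count as "on" so the audit errs on the safe side.
display_errors_is_off() {
    case $(effective_display_errors "$1" | tr '[:upper:]' '[:lower:]') in
        off|0|false|no|none) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: pass one or more ini paths as arguments.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        if display_errors_is_off "$f"; then
            echo "OK    $f: display_errors=$(effective_display_errors "$f")"
        else
            echo "WARN  $f: display_errors=$(effective_display_errors "$f")"
        fi
    done
fi
```
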