In an effort to get some thought going about ways to encourage security in PHP applications, Stas has posted an idea about a simplified php.ini setting - production=On.
His idea is that, with this setting on, the PHP installation would:
- disable display errors
- disable phpinfo()
- turn expose_php off
- make max_execution_time/memory_limit reasonable
- and possibly a few others that some developers forget to set correctly