Installed as CGI binary
It's again not stated clearly in the documentation, that you should use --enable-discard-path ONLY IF you plan to use the PHP CGI outside the web tree as stated here.
If you want to use PHP as a regular CGI processor (via Action & AddHandler in the Apache config file), you shouldn't use this option because, if compiled with this, the PHP binary won't recognize the path to the actual script and will in any case try to send itself to the browser as the script output (!).
Case 4: PHP parser outside of web tree
A very secure option is to put the PHP parser binary somewhere outside of the web tree of files. In /usr/local/bin, for example. The only real downside to this option is that you will now have to put a line similar to:
#!/usr/local/bin/php
To get PHP to handle PATH_INFO and PATH_TRANSLATED information correctly with this setup, the PHP parser should be compiled with the --enable-discard-path configure option.
add a note
User Contributed NotesCase 4: PHP parser outside of web tree
raj at ap dot krakow dot pl
09-Feb-2008 09:02
09-Feb-2008 09:02
Andras Rokob <rokoba at bolyai dot elte dot hu>
18-Oct-2006 11:59
18-Oct-2006 11:59
You can avoid the need of using the shell-escaping (#! ...) in all your php scripts if you set the executable bit on them and exploit the binfmt_misc support of the Linux kernels.