Php: Improve security without x-powered-by and PHP version

Created on 22 Oct 2020 · 1Comment · Source: docker-library/php

Hello,
I notice that in the file $PHP_INI_DIR/php.ini-production (.ini for production) the header of x-powered-by is exposed.

I think, for security reasons, is better (in production) to hide this information.

The change that I suggest is :
from expose_php = On to expose_php = Off, what do you think about this?

Regards

Source

alessandro-candon

Most helpful comment

This file is juste a copy of the php.ini-production provided by PHP, this should probably be reported to PHP directly.

jvasseur on 22 Oct 2020

👍5

This file is juste a copy of the php.ini-production provided by PHP, this should probably be reported to PHP directly.

jvasseur on 22 Oct 2020

👍5

Was this page helpful?

0 / 5 - 0 ratings

Less lag-time between release of PHP and rebuild of these images?

skyzyx · 3Comments

Pecl does not work on php:7.0-fpm

ihorsamusenko · 4Comments

Unable to build some extensions on php5.6-alpine

solocommand · 3Comments

Alpine : PHP with PDO not return proper native value from database

sanjay-rakholiya · 3Comments

Cannot connect to mysql container from fpm-alpine container

igodorogea · 3Comments