Although the focus of this book is application security, there
are a few configuration directives with which any security-conscious developer
should be familiar. The configuration of PHP can affect the behavior of the code
you write as well as the techniques that you employ, and your responsibilities
might extend slightly beyond the application on occasion.

The configuration of PHP is primarily dictated by a file called
php.ini. This file contains many configuration
directives, and each of these affects a very specific aspect of PHP. If this
file is absent, or if a particular configuration directive is absent from the
file, a default value is used.

If you do not know the location of your php.ini file, you can use phpinfo() to
determine where PHP expects to find it:
<?php phpinfo(); ?>
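
The following is an added example, not code from the book. phpinfo() prints the entire configuration, so this script reports only the configuration files PHP actually loaded, handles the case where no php.ini was found, and lists directives whose current value differs from the master value. It assumes PHP 7 or later; the function names loaded_ini_files() and overridden_directives() are hypothetical helpers introduced here.

```php
<?php
// Added example: report which configuration files PHP loaded and which
// directives differ from the master (php.ini or built-in default) value.
// Run from the CLI or behind authentication; do not publish the output.

/** Return the loaded php.ini path plus any additionally scanned .ini files. */
function loaded_ini_files(): array
{
    $main = php_ini_loaded_file();       // false when no php.ini was found
    $scanned = php_ini_scanned_files();  // false when no scan directory is set
    $extra = [];
    if ($scanned !== false) {
        // The list is comma-separated and may contain newlines.
        foreach (explode(',', $scanned) as $path) {
            $path = trim($path);
            if ($path !== '') {
                $extra[] = $path;
            }
        }
    }
    return ['main' => $main === false ? null : $main, 'extra' => $extra];
}

/** List directives whose current (local) value differs from the master value. */
function overridden_directives(): array
{
    $changed = [];
    foreach (ini_get_all(null, true) as $name => $info) {
        if ($info['local_value'] !== $info['global_value']) {
            $changed[$name] = [
                'master' => $info['global_value'],
                'local'  => $info['local_value'],
            ];
        }
    }
    return $changed;
}

$files = loaded_ini_files();
echo 'php.ini: ', $files['main'] ?? '(none loaded, built-in defaults in use)', PHP_EOL;
foreach ($files['extra'] as $path) {
    echo 'additional: ', $path, PHP_EOL;
}
foreach (overridden_directives() as $name => $values) {
    printf("%s: master=%s local=%s\n", $name,
        var_export($values['master'], true), var_export($values['local'], true));
}
```

The command-line and web server builds of PHP can load different php.ini files, so run the script under the same server API as the application you are checking.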