Category Archives: Zend Server for IBM i

DB2 PHP Security Exploit – Older versions of Zend Server for IBM i – Login under any user profile without a password

If you’re running an old version of Zend Server on the IBM i make sure you look at this article from Zend Support:

https://support.zend.com/hc/en-us/articles/203733853-db2-connect-may-allow-blank-password-with-user-entered

Basically you need to rename
/usr/local/zendsvr/lib/libdb400.a to /usr/local/zendsvr/lib/libdb400.a.bak

To do this Rod Flohr suggest you open a PASE shell and issue a mv command to rename the file.

5250 Terminal:

call qp2term

PASE:

mv /usr/local/zendsvr/lib/libdb400.a /usr/local/zendsvr/lib/libdb400.a.bak

If you pass in user supplied parameters to db2_connect function a person could log in as someone else with greater authorities possibly and go into pages or access data they aren’t authorized to use.

PHP Security on the IBM i – Locking down the IFS permissions – Best way to handle authorities in the web root and subdirectories.

Are you unable to modify another user’s PHP file on the IBM i? Do you constantly need to give QTMHHTTP read permissions to the new PHP you uploaded? After going through this guide you’ll fix these issues and streamline your PHP development on the IBM i while maintaining security of the IFS.

Overview of permissions on your Webroot folder for Zend Server:
*PUBLIC: DTAAUT ( *NONE)
PRIMARY GROUP: NOGROUP = DTAAUT (*RX)
OWNER: WEBCODERS= DTAAUT (*RWX)

Summary: Public gets no access, Primary Group is a group that the user QTMHHTTP is a part of and only has read access, and the owner is your development team group profile (WEBCODERS) with your web development team user profiles in that group.

As always test this on a development machine DON’T DO THIS IN PRODUCTION unless you’ve tested it

5 Steps to secure your PHP installation

1. Don’t give *PUBLIC access

CHGAUT OBJ('/www/zendsvr/htdocs/') USER(*PUBLIC) DTAAUT(*NONE) OBJAUT(*NONE) SUBTREE(*ALL)

I’ve heard many people who are insecurely using PHP on the IBM i. If you are giving *PUBLIC any access to your files under /www/zendsvr/htdocs you are giving too much access. You don’t want anyone with access to your IBM I to read your PHP files or your configuration files with database username and password. You should make sure *PUBLIC has no data authorities on all files under web root directory using the CHGAUT command recursively.

2. Set the Primary Group on the webroot (/www/zendsvr/htdocs) to a group with QTMHHTTP in it

CHGPGP OBJ('/www/zendsvr/htdocs') NEWPGP(NOGROUP) RVKOLDAUT(*NO) SUBTREE(*ALL)
CHGAUT OBJ('/www/zendsvr/htdocs/') USER(NOGROUP) DTAAUT(*RX) OBJAUT(*NONE) SUBTREE(*ALL)

Remember that each new object under a parent directory inherits the *PUBLIC authority, primary group authority and the owner authority of the parent. So you’ll want to set the primary group to NOGROUP and give it Read access. Make sure QTMHHTTP is a user of this group. This is the user that PHP is using to access the files and is typically called APACHE or NOBODY in linux systems.

3. Give access to a development team group profile so your web developers have write access to create new files and directories and read access to view the files on the server.  Unfortunately you’ll always have to re-run CHGAUT for WEBCODERS as when someone uploads a file they become the owner.  You may want to consider a daily job that automatically runs this or have your developers share the login information for WEBCODERS and always upload with that profile. 

CHGOWN OBJ('/www/zendsvr/htdocs/') NEWOWN(WEBCODERS) RVKOLDAUT(*NO) SUBTREE(*ALL)
CHGAUT OBJ('/www/zendsvr/htdocs/') USER(WEBCODERS) DTAAUT(*RWX) OBJAUT(*ALL) SUBTREE(*ALL)

4. Give write permissions to directories that QTMHHTTP needs write access.  If your PHP is saving a file or creating a file to the IFS it will need write permissions to that directory. 

CHGAUT OBJ('/www/zendsvr/writeable/uploads') USER(QTMHHTTP) DTAAUT(*RWX) OBJAUT(*NONE) SUBTREE(*NO)

Below are some shell functions you can use if you have bash or bourne shell

5. (Optional) Set the umask to set the default permissions given to new files created by a program (like FTP, SFTP, SSH).  In the example below the first 0 means give user rwx, 2 means give group rx, and 7 means give other nothing.

umask 027
#u=rwx,g=rx,o=

For SFTP you’d modify sshd_config to load a shell .profile that would then run the umask.  (replace * with the version number of openssh you’re using or find it by running find)

find / | grep sshd_config
vi /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-*.*p*/etc/sshd_config
# set ibmpaseforishell to your favorite shell (in this case bash)
ibmpaseforishell=/QOpenSys/opt/freeware/bin/bash
#set the umask in our .profile so it will always load by using this command to append 
umask 022 to the end of the file (.profile).
echo "umask 022" >> ~/.profile

#shout out to @aaronbartell for informing me of umask

Experiment using Authorization List: 

Now I looked into using Authorization lists but they don’t inherit from the parent directory IF you’re using the mkdir command API (different from ibm i command line mkdir alias).  That would be the best case scenario since then new objects would get the WEBDEVAUTL authorization list inherited and your development team would be in that list and everyone on your team could create new files and directories and everyone else could modify them later.  Below are the commands to create a AUTL, but remember it will only work if your NOT using the mkdir command

CRTAUTL AUTL(WEBDEVAUTL) TEXT(‘Auth List for Web Developers’)
ADDAUTLE AUTL(WEBDEVAUTL) USER(WEBDEV1 WEBDEV2) AUT(*ALL)
CHGAUT OBJ(‘/www/zendsvr/htdocs/’) AUTL(WEBDEVAUTL) DTAAUT(*RWX) OBJAUT(*ALL) SUBTREE(*ALL)

More info on Mkdir not inheriting from the parent directory here: https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014510624 .  Hopefully IBM will one day have mkdir have the same functionality as CRTDIR CL command.  Another good read about the IFS: http://publib.boulder.ibm.com/iseries/v5r1/ic2924/books/c415300522.htm

The “gotchas” of running Zend Framework 2 on older versions of Zend Server for IBM i – ZF2 skeleton Application

Have you tried the ZF2 skeleton Application on PHP on the IBM i and have run into issues getting it to work since your on ZS 5.5, 6.x and are unable to upgrade to ZS7 at the moment? Well here’s a few gotchas and things you’ll have to change to get it work correctly:


 

Fatal error: Can’t inherit abstract function Zend\Validator\Translator\TranslatorInterface::translate() (previously declared abstract in Zend\I18n\Translator\TranslatorInterface) in library/Zend/Mvc/I18n/Translator.php on line 19

1) Comment out the Translate method in i89n\Translator\TranslatorInterface.php

//public function translate($message, $textDomain = 'default', $locale = null);
//For some reason ZF2 has 2 methods with the same name but it works in newer versions of PHP

 

Zend\ServiceManager\Exception\ServiceNotFoundException

zendframework/library/Zend/ServiceManager/ServiceManager.php:529

Zend\ServiceManager\ServiceManager::get was unable to fetch or create an instance for Zend\Db\Adapter\Adapter

2) set your config_glob_paths to the full path of the config/application.config.php. Note: the path below has to be specific to where your file is located on the IFS.

'config_glob_paths' => array(
      '/www/zendsvr/htdocs/zf2test/config/autoload/{,*.}{global,local}.php',
),
//AFter updating to ZS 7 you should be able to change this back to the relative path of config/autoload/{,*.}{global,local}.php

 

“album” in MYLIB type *FILE not found. SQLCODE=-204

3) Add ‘platform_options’ to your config/autoload/global.php

//The SQL that is generated by Zend's classes is putting quotes around the table like:
//SELECT 'album'.* FROM 'album'
//after turning off quote_identifiers it will run this SQL:
//SELECT album.* FROM album
return array(
     'db' => array(
         'driver'           => 'IbmDb2',
         'platform'         => 'IbmDb2',
         'platform_options' => array('quote_identifiers' => false),
         'database'         => '*LOCAL', // IBM i serial number or db directory entry name goes here
         'persistent' => true,
        'driver_options'    => array(
            'autocommit'     => DB2_AUTOCOMMIT_OFF, //::TODO:: We might not be able to use the constant since db2 may have not loaded at this point
            'i5_naming'     => DB2_I5_NAMING_ON, //::TODO:: We might not be able to use the constant since db2 may have not loaded at this point
            'i5_lib'        => 'MYLIB',
            'i5_libl'       => 'MYLIB MYLIB2 MYLIB3',
            ),
     ),
     'service_manager' => array(
         'factories' => array(
             'Zend\Db\Adapter\Adapter'
                     => 'Zend\Db\Adapter\AdapterServiceFactory',
         ),
     ),
 );

 

You’re view doesn’t display titles or artists

4) This is because the DB2 is case-insensitive and automatically converts lower-case column names that were created in the CREATE TABLE ALBUM script to upper-case columns (i.e. title is now TITLE and artist is now ARTIST). You can either modify the CREATE TABLE sql to force lower case column names by putting double quotes around your columns ( i.e. “title” “artist”). If you do it this way you’ll always have to put double quotes around it when using SQL, but in the PHP it won’t require double quotes. OR you can change the Album Model’s exchangeArray() to use the upper case column names. I recommend using the upper-case columns because the Zend\Db\Adapter\Driver\IbmDb2\ibmdb2 Statement class doesn’t know that it has to put double quotes around lowercase field names. The only approach with this is that you’ll have to change the field names to uppercase throughout the Getting Started Example

Solution 1

/* Creating table MYLIB.ALBUM */
DROP Table MYLIB.ALBUM;
CREATE TABLE MYLIB.ALBUM (
    'id' INTEGER GENERATED ALWAYS AS IDENTITY (START WITH 1, INCREMENT BY 1, NO ORDER, NO CYCLE, NO MINVALUE, NO MAXVALUE, CACHE 20) NOT HIDDEN ,
    'artist' VARCHAR (100) NOT NULL NOT HIDDEN ,
    'title' VARCHAR (100) NOT NULL NOT HIDDEN ,
    PRIMARY KEY ('id')
) NOT VOLATILE ;

LABEL ON TABLE MYLIB.ALBUM IS 'Test table for ZF2' ;

 INSERT INTO MYLIB.ALBUM ('artist', 'title')
     VALUES  ('The  Military  Wives',  'In  My  Dreams');
 INSERT INTO MYLIB.ALBUM ('artist', 'title')
     VALUES  ('Adele',  '21');
 INSERT INTO MYLIB.ALBUM ('artist', 'title')
     VALUES  ('Bruce  Springsteen',  'Wrecking Ball (Deluxe)');
 INSERT INTO MYLIB.ALBUM ('artist', 'title')
     VALUES  ('Lana  Del  Rey',  'Born  To  Die');
 INSERT INTO MYLIB.ALBUM ('artist', 'title')
     VALUES  ('Gotye',  'Making  Mirrors');

GRANT SELECT,INSERT,UPDATE,DELETE ON MYLIB.ALBUM TO MYUSER;
SELECT * FROM MYLIB.ALBUM

Solution 2

<?php
namespace Album\Model;

 class Album
 {
     public $id;
     public $artist;
     public $title;

     public function exchangeArray($data)
     {
     //SOLUTION 2 - change the PHP file to use the upper-case column names
         $this->id     = (!empty($data['ID'])) ? $data['ID'] : null;
         $this->artist = (!empty($data['ARTIST'])) ? $data['ARTIST'] : null;
         $this->title  = (!empty($data['TITLE'])) ? $data['TITLE'] : null;
     }

	 public function getInputFilter()
     {
         if (!$this->inputFilter) {
             $inputFilter = new InputFilter();

             $inputFilter->add(array(
                 'name'     => 'ID',
                 'required' => true,
                 'filters'  => array(
                     array('name' => 'Int'),
                 ),
             ));

             $inputFilter->add(array(
                 'name'     => 'ARTIST',
                 'required' => true,
                 'filters'  => array(
                     array('name' => 'StripTags'),
                     array('name' => 'StringTrim'),
                 ),
                 'validators' => array(
                     array(
                         'name'    => 'StringLength',
                         'options' => array(
                             'encoding' => 'UTF-8',
                             'min'      => 1,
                             'max'      => 100,
                         ),
                     ),
                 ),
             ));

             $inputFilter->add(array(
                 'name'     => 'TITLE',
                 'required' => true,
                 'filters'  => array(
                     array('name' => 'StripTags'),
                     array('name' => 'StringTrim'),
                 ),
                 'validators' => array(
                     array(
                         'name'    => 'StringLength',
                         'options' => array(
                             'encoding' => 'UTF-8',
                             'min'      => 1,
                             'max'      => 100,
                         ),
                     ),
                 ),
             ));

             $this->inputFilter = $inputFilter;
         }

         return $this->inputFilter;
     }
 }

class AlbumForm extends Form
 {
     public function __construct($name = null)
     {
         // we want to ignore the name passed
         parent::__construct('album');

         $this->add(array(
             'name' => 'ID',
             'type' => 'Hidden',
         ));
         $this->add(array(
             'name' => 'TITLE',
             'type' => 'Text',
             'options' => array(
                 'label' => 'Title',
             ),
         ));
         $this->add(array(
             'name' => 'ARTIST',
             'type' => 'Text',
             'options' => array(
                 'label' => 'Artist',
             ),
         ));
         $this->add(array(
             'name' => 'submit',
             'type' => 'Submit',
             'attributes' => array(
                 'value' => 'Go',
                 'id' => 'submitbutton',
             ),
         ));
     }
 }

Fatal error: Can’t inherit abstract function Zend\Form\LabelAwareInterface::setLabel() (previously declared abstract in Zend\Form\ElementInterface) in /www/zendsvr/htdocs/zf2test/vendor/zendframework/zendframework/library/Zend/Form/Element.php on line 21

5) Comment out setlabel and getlabel in Zend/Form/View/LabelAwareInterface.php – https://github.com/zendframework/zf2/issues/5996

//public function setLabel($label);
    //public function getLabel();

Doctrine is not supported for the IBM DB2

This isn’t a ZF2 issue directly, but if you try and use ZF2 plugins such as ZFCuser you’ll run into issues. Doctrine doesn’t work that well with IBM DB2 currently. The current implementation is based on DB2 for Linux. There is talk about creating new classes that would handle the IBM DB2 specifically but there hasn’t been any work on it. A conversation looking into solving this is being had at – https://github.com/doctrine/dbal/pull/518 . Novice PHP programmers remember that there’s multiple ways of solving a problem and doctrine is not a must have to get the job done.

UPDATE on Case-sensitivity – Dec 3 2014

I think some of the case sensitivity issues can be fixed if Zend Framework’s Zend\Db\Adapter\Driver\IbmDb2\ibmdb2 is updated to use QSYS2.DELIMIT_NAME which is available in V7R1 TR 8 and V7R2. Also doctrine could be used if they used that feature. Not everyone is on that Version of the OS so this would need to be a feature that should be explicitly set. More info on QSYS2.DELIMIT_NAME – http://www.itjungle.com/fhg/fhg111214-story01.html

Safely Uninstalling Zend Core for i5 OS version 2.6.0 or less, without messing up Zend Server

Now that Zend Server for IBM i is running on our systems we’ve decided to clean up Zend Core and uninstall it.  To uninstall it there is 3 steps to follow:

1. Remove Zend Platform (Required to upgrade Zend Core)

2. Update Zend Core to a version of 2.6.1 or greater using an installer file and not a Zend Core Components update.

3. Remove Zend Core

Note:

– The installer file can be obtain only from Zend support.

– Uninstalling an earlier version will remove profiles used by Zend Server for IBM i

Determining your Zend Core Version

To determine what version of Zend Core you’re  running run the following I5 commands:

GO LICPGM

OPTION 10

Page Down until you find 1ZCORE5.  If the describition is Zend Core for IBM i5/OS (2.6.0)  or less you will have to upgrade Zend Core before installing it

Uninstalling Zend Platform

Run the Delete Licensed Program (DLTLICPGM) command on the i5 command line:

  1. DLTLICPGM LICPGM(1ZCORE5) OPTION(1)
  2. If needed, run WRKOBJLCK OBJ(ZENDPLAT) OBJTYPE(*LIB) 

Updating Zend Core to 2.6.1+

1. Have Zend Support send Zend Core 2.6.1 by emailing Mike Pavlak or download it here.
A. Note knowledge base article http://kb.zend.com/index.php?View=entry&EntryID=488, “The installer is no longer available on our web site. Please contact Zend Support to get a copy of the installer for Zend Core for i5/OS 2.6.1. ”
2. The windows installers FTP process failed fore me so the SAVF file had to be ftp’d to the i5 and ran
A. Create a savf file on the i5
i. crtsavf savefiles/zcoresavf
B. FTP the file to the i5 from your windows machine
i. Run cmd
ii. cd to directory with file to upload
iii. ftp <servername>
iv. enter username
v. enter password
vi. cd savefiles
vii. binary
viii. put zcoresavf zcoresavf
C. prepare for upgrade
i. rename the directories /usr/local/Zend and /www/zendcore to different names
ii. end Zend Core Subsystem and Apache instance

D. Run restore license program
i. RSTLICPGM LICPGM(1ZCORE5) DEV(*SAVF) SAVF(SAVEFILES/ZCORESAVF)
ii. If error message “Waiting for reply to message on message queue QSYSOPR.” – Sign in with another session and run:
a. dspmsg qsysopr
iii. If your getting directory not registered, rename the directories /usr/local/Zend and /www/zendcore to different names

iv. Rename /usr/local/Zend back in case you were using the Zend Framework

Uninstalling Zend Core 2.6.1 or better

Simply make sure theres no locks and run delete license program:

DLTLICPGM LICPGM(1ZCORE5)

If locked, run WRKOBJLCK OBJ(ZENDCORE) OBJTYPE(*LIB)

References

KB article noting that the installer file is no longer available on the Zend website and the installer must be obtained from Zend Support
http://kb.zend.com/index.php?View=entry&EntryID=488http://kb.zend.com/index.php?View=entry&EntryID=488

Forum on how to uninstall zend core
http://forums.zend.com/viewtopic.php?f=77&p=71168

Delete Zend Platform info
http://kb.zend.com/index.php?View=entry&EntryID=245

Delete Zend Core info
http://kb.zend.com/index.php?View=entry&EntryID=242

Zend Core components downlaod (NOTE: this is just to upgrade components and will not make your Zend Core safe to un-install, you need the installer file from Zend Support)
http://www.zend.com/en/products/core/updates/i5os/2.6.7/i5os/latest

Support for long passwords may break your login page on Zend Server for IBM i

To keep up with security on the IBM i, your company will eventual support long passwords and more characters.  This means people can use symbols and lower case characters which will help increase the difficulty of guessing a password.  The problem you may run into with your PHP script is if you were using the strtoupper() function on your password and your username variable you’ll now have to remove that function because lower case symbols are now valid.   You’ll also warn your users that the login page is now case senstive.

FYI: In V5R1, the i5 added support for long passwords and by default it was set to off.  The QPWDLVL is what you need to change.  You can set the max length of the password using QPWDMAXLEN.   If you are using a custom login page you may need to rewrite it or switch to QSYS/QDSIGNON.  You will have to IPL the system after this change

PHP Remote Debugging on Zend Server for IBM i using xdebug and Netbeans

This is a guide on how to setup xdebug on Zend Server for IBM i.  The reason I did this was because the Zend Debugger doesn’t work with Netbeans, but it does work with the Zend Studio (which I don’t like using because its an Ecplise based IDE).

Step 1  Get xdebug.so and put it on the AS400 IFS

You can either compile your own xdebug.so by downloading the source from http://xdebug.org/ or you can just download this xdebug.so file.   Once you have the .so file you upload it to the Zend Server IFS directory for php extensions: /usr/local/zendsvr/lib/php_extensions

Step 2 – Setup php.ini file

PHP.ini location: /usr/local/zendsvr/etc/php.ini

Disable Zend Debugger and Zend Optimizer

You’ll have to turn off Zend Debugger and Zend Optimizer as these files will interfere with xdebug.  To turn off this go to /usr/local/zendsvr/etc/conf.d/debugger.ini and comment out ; zend_extension_manager.dir.debugger=/usr/local/zendsvr/lib/debugger with  a semi colon at the beggining of the line.  And comment out optimizerplus.ini in the same directory  ;zend_extension_manager.dir.optimizerplus=/usr/local/zendsvr/lib/optimizerplus You’ll also have to set php.ini to output_buffering = Off.  At the end of the php.ini file add the following lines: ; Xdebug Configuration [xdebug] zend_extension=/usr/local/zendsvr/lib/php_extensions/xdebug.so xdebug.remote_enable=1 xdebug.remote_handler=dbgp xdebug.remote_mode=req ;remote_host limits connection to the 1 ip address specified.  To find your ip on windows run ipconfig /all ;xdebug.remote_host=<client’s ip address> ; remote_connect_back allows for multiple connections from different IPs.  This is great for situations in which multiple developers will be developing on the same instance. xdebug.remote_connect_back=on xdebug.remote_port=9000

Step 3 – Restart Apache

On the i5/as400/iseries type: Go ZENDSVR/ZSMENU Option 5 – Service Management menu Option 6 – Stop Apache server instances Option 5 – Start Apache server instances

Step 4 – Setup xdebug client in Netbeans

Right click a project and go to project properties.  Set the Web Root to the local files that map to your Web Root on the i5 (htdocs/{myapps}).   In the run configuration set up the Project URL and the index file to point to your starting index.php file.  On the toolbar menu click Tools->Options ->PHP tab-> Debugging sub tab.  At this location you can set the debugger port, session ID, if it should stop at the first line of a file, what URLs were requested and to show the debugger console.

Step 5 – Launch Debugger

Hopefully if everything was setup right you’ll be able to start the debugger and Netbeans will open your website up in a browser and then connect to xdebug on the server.  The way it works is the client sends the request on port 80 and then the server and the client communicate over port 9000 or the port you selected.  You’ll get all the Variables, Call stack and be able to step through the PHP code and set up Break points through out the file. If your having troubles getting this working let me know.  Running phpinfo() will also give you an idea if you’ve correctly installed xdebug.

Misc. Tips

1. You may have to move the CW wrapper for the old i5 toolkit into your project file.  You can find those files in the /usr/local/zendsvr/share/ToolkitAPI folder on the IFS. 2. You can use xdebug’s wizard that uses your phpinfo and helps you detect and install xdebug – http://xdebug.org/wizard.php 3. If your looking to compile php on the iseries this site might help – http://www.deloli.net/distrib.php 4. Netbeans wiki on how to configure xdebug  – http://wiki.netbeans.org/HowToConfigureXDebug

 

 

Migrating from Zend Core for I to Zend Server for IBM I – My Experience

I’m currently working on migrating from Zend Core 2.6.0 to Zender Server 5.6  for IBM I.  Big thanks to Alan Seiden who has some very helpful blog posts on this topic.  I’d recommend checking out:

http://www.alanseiden.com/2010/04/21/differences-between-zend-core-and-zend-server-on-ibm-i/

and

http://www.alanseiden.com/2011/02/08/qa-upgrading-from-zend-core-to-zend-server/

Here’s my tip from migrating:

  1. If you were using the I5_* functions for database connections you can continue using AURA equipments toolkit, but I think long term you’d be better off using PHP db2_* functions.  Do not use the Zend Framework’s DB2 class since the db2_bind param doesn’t work.  The ZF team can’t implement it to work correctly right now and probably never will in the future.  I’ve been waiting 3 years now for them to make a change…
  2. Use http://as400:2001/HTTPAdmin to change the apache config for Zend Server and to start/stop the server
  3. You’ll need to trasfer your files from /www/zendcore to /www/zendsrv
  4. Give Permissions to QTMHHTTP.
    Run STRQSH
    cd /www/zendsvr/htdocs
    chmod –R 770
    chown -R qtmhhttp
  5. Modify the http.conf file and compare your old conf file to see if changes need to made
    /www/zendcore/conf/http.conf
    /www/zendsvr/conf/http.conf
  6. #–Check your system CCSID value ( dspsysval qccsid). if the value is 65535 then add the following two directives to Apache configuration file (/www/zendsvr/conf/httpd.conf) and then Stop and Start Apache:
    DefaultFsCCSID 37
    CGIJobCCSID 37
  7. Edit the php.ini file and add a different session path (edit /usr/local/zendsvr/etc/php.ini)
    session.save_path = “/tmp/ZS”
  8. Change scripts that reference www/zendcore to www/zendsvr
  9.  Recreate any NFS mounts since files might have moved into /www/zendsvr
  10. IF your using Zend Framework you might want to continue using the old version that Zend Core had, so modify your php.ini file include path to include it and not include the new version which is currently 1.11.10
    include_path = “.:/usr/local/Zend/ZendFramework/library:/usr/local/zendsvr/share/pear:/usr/local/ZendSvr/share/ToolkitApi”
Benefits of upgrading from Zend Core:
  1. PERFORMANCE!  I’m seeing scripts running between 18%-400% faster.  One script used to take 40 seconds now only takes 8 seconds.
  2. Only 1 apache configuration to worry about now
  3. Latest PHP