Bugtraq mailing list archives
Re: ASP Security Hole (PHP Too)
From: Alexander () LEIDINGER NET (Alexander Leidinger)
Date: Thu, 17 Feb 2000 12:32:42 +0100
On 15 Feb, Joshua J. Drake wrote:
The following is also true for PHP. Naming PHP include files .inc gives anyone full-read access to the files by simply requesting them by name. The solution of course is to do one of the following: a. name php include files with a PHP extension (.php, .php3, etc) that is associated with PHP parsing them b. associate .inc files with PHP so that they are parsed and not displayed
c. don't put include files below your DocumentRoot, use php3_include_path (apache-modul) or include_path (php3.ini) instead. Bye, Alexander. -- It is easier to fix Unix than to live with NT. http://www.Leidinger.net Alexander+Home @ Leidinger.net Key fingerprint = 7423 F3E6 3A7E B334 A9CC B10A 1F5F 130A A638 6E7E
Current thread:
- Re: ASP Security Hole (fwd) Justin King (Feb 10)
- Re: ASP Security Hole (PHP Too) Joshua J. Drake (Feb 15)
- Re: ASP Security Hole (PHP Too) Daniel Austin (Feb 17)
- Re: ASP Security Hole (PHP Too) Alexander Leidinger (Feb 17)
- AIX SNMP Defaults (fwd) Dave G. (Feb 17)
- New Allaire Security Zone Bulletin Aleph One (Feb 17)
- <Possible follow-ups>
- Re: ASP Security Hole (fwd) Mark L. VanScoyk (Feb 10)
- Re: ASP Security Hole (PHP Too) Joshua J. Drake (Feb 15)