Bugtraq mailing list archives
Re: A Study In Scarlet - Exploiting Common Vulnerabilities in P
From: "David Nugent" <davidn () austel net>
Date: Thu, 5 Jul 2001 15:55:43 +1000
I find it good practice that PHP included files have ONLY function definitions (and perhaps some assignments of global configuration variables).
I find it better practice to put and organise PHP include files completely outside of the web document tree regardless of how they are named. Garbage in there is security fodder, and good habits are good habits. php_include works perfectly and is provided for exactly this purpose - why not return a 404 and not even give a hint to indicate that there's anything at that location at all (because there /isn't/).
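One way to check a deployment against the advice in this message, as an added example that is not part of the original post: a Python audit that flags PHP `include_path` entries resolving inside the document root (symlinks followed) and include-style files stored under it. The suffix list, the directory names and the sample tree built in `demo()` are constructed assumptions.

```python
import os
import tempfile

# Assumed naming conventions for include files; adjust to the code base.
INCLUDE_SUFFIXES = (".inc", ".inc.php", ".class.php", ".lib.php")

def is_inside(path, root):
    """True if path resolves (symlinks followed) to root or somewhere below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit(docroot, include_path):
    """Return (include_path dirs inside docroot, include-style files under docroot)."""
    # "." is relative to the running script, so it is skipped rather than guessed at.
    exposed = [d for d in include_path.split(os.pathsep)
               if d not in ("", ".") and is_inside(d, docroot)]
    stray = []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            if name.lower().endswith(INCLUDE_SUFFIXES):
                stray.append(os.path.relpath(os.path.join(base, name), docroot))
    return exposed, sorted(stray)

def demo():
    """Audit a constructed tree: one library dir outside the docroot, one inside,
    and a symlink that sits outside the docroot but points back into it."""
    with tempfile.TemporaryDirectory() as top:
        docroot = os.path.join(top, "htdocs")
        good = os.path.join(top, "phplib")          # outside the web tree
        bad = os.path.join(docroot, "includes")     # served by the web server
        link = os.path.join(top, "shared")          # symlink into the docroot
        os.makedirs(good)
        os.makedirs(bad)
        os.symlink(bad, link)
        for f in (os.path.join(good, "db.inc"),
                  os.path.join(bad, "config.inc"),
                  os.path.join(docroot, "index.php")):
            open(f, "w").close()
        exposed, stray = audit(docroot, os.pathsep.join([good, bad, link]))
        return [os.path.relpath(d, top) for d in exposed], stray

if __name__ == "__main__":
    exposed, stray = demo()
    print("include_path entries inside docroot:", exposed)
    print("include-style files under docroot:", stray)
```

An empty result from both lists is the state the message argues for: nothing include-like exists at any URL, so a request for it gets a 404.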