Bugtraq mailing list archives
Re: Advisory #3 - PHP & JSP
From: "Ryan Fox" <rfox () noguska com>
Date: Fri, 8 Feb 2002 12:37:18 -0500
Solution: Use hard coded directory paths in the 'include' statements you use (same goes for the 'require' statements).
For PHP, good security practices include setting display_errors = Off in the php.ini configuration file. This will prevent errors such as this from displaying, resulting in no path information leaking to the client. Cheers, Ryan Fox
Current thread:
- Advisory #3 - PHP & JSP Paul Brereton (Feb 08)
- Re: Advisory #3 - PHP & JSP Ryan Fox (Feb 10)