Bugtraq mailing list archives

Re: Advisory #3 - PHP & JSP


From: "Ryan Fox" <rfox () noguska com>
Date: Fri, 8 Feb 2002 12:37:18 -0500

Solution:
Use hard coded directory paths in the 'include' statements you use (same
goes for the 'require' statements).

For PHP, good security practices include setting display_errors = Off in the
php.ini configuration file.  This will prevent errors such as this from
displaying, resulting in no path information leaking to the client.

Cheers,
Ryan Fox
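An added example, not part of the original post: a small Python audit for the two recommendations above. It flags `include`/`require` statements whose path is not a hard-coded absolute literal, and reports whether `display_errors` is still on in a php.ini. The function names and sample contents are constructed; it assumes Unix-style absolute paths and treats a missing `display_errors` directive as enabled.

```python
import re

# include / require (and the *_once forms), capturing the path expression.
INCLUDE_RE = re.compile(
    r"\b(include|require)(_once)?\b\s*\(?\s*(?P<arg>[^;]*?)\s*\)?\s*;",
    re.IGNORECASE)
# One quoted literal starting with "/" (assumption: Unix paths), with no
# concatenation and no "$" interpolation inside double quotes.
HARD_CODED_RE = re.compile(r"""^(?:'/[^']*'|"/[^"$]*")$""")
# Values php.ini treats as "off" for a boolean directive.
OFF_VALUES = ("off", "0", "false", "no", "none", "")

def audit_includes(php_source):
    """Return (line_no, argument) for every include/require whose path
    is not a hard-coded absolute string literal."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        for m in INCLUDE_RE.finditer(line):
            arg = m.group("arg")
            if not HARD_CODED_RE.match(arg):
                findings.append((no, arg))
    return findings

def display_errors_enabled(ini_text):
    """Return True if the effective display_errors value is not off.
    The last directive in the file wins; a missing directive counts as on."""
    value = "1"
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ; comments
        m = re.match(r"display_errors\s*=\s*(.*)$", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip().strip('"').lower()
    return value not in OFF_VALUES

# Constructed sample inputs (not taken from the advisory).
SAMPLE_PHP = """<?php
require_once '/var/www/app/lib/db.php';
include($module . '.php');
include 'header.php';
"""
SAMPLE_INI = """; constructed php.ini fragment
display_errors = On
log_errors = On
"""

if __name__ == "__main__":
    for no, arg in audit_includes(SAMPLE_PHP):
        print("line %d: path is not hard coded: %s" % (no, arg))
    if display_errors_enabled(SAMPLE_INI):
        print("php.ini: display_errors is on; errors may leak paths")
```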

