Bugtraq mailing list archives
Re: PHP Advanced Transfer Manager Download users password hashes
From: jn () hz6 de
Date: 13 Jun 2006 13:26:15 -0000
The phpatm support forum (currently down) advises administrators to put a .htaccess into the users directory with the following content: # no one gets in here! order allow,deny deny from all Furthermore the website recommends to rename the "users" directory and change the corresponding variable in the config-file. These two things done, it is no longer possible to download the hashes.
Current thread:
- Re: PHP Advanced Transfer Manager Download users password hashes jn (Jun 17)