From: Lou S. <lr...@at...> - 2002-03-30 20:49:03
Yup. This is a very serious security breach. All files which contain php code should have the php extension unless one has explicitly defined those excluded extensions in web server configuration files. That's in one of my other messages or it could have been posted to a feature request I made today.

All php related scripts should have a "PHP" extension, which means all .inc or .ini must be renamed to either *.inc.php, *.ini.php or just *.php.

Lou.

----- Original Message -----
From: "Matthew Gregg" <gr...@mu...>
To: <php...@li...>
Sent: Saturday, March 30, 2002 2:57 PM
Subject: [phpesp-dev] Rename phpESP.ini?

> While thinking about installation scripts....
> I must have overlooked something, but why not rename phpESP.ini to
> something like config.php?
>
> If someone mistakenly installs it in a web accessible directory,
> the web server will attempt to execute it instead of plastering sensitive
> information to the browser.
>
> I tried it, seems to work. It gives you a nice blank page if you
> access
> http://yourhost.com/phpESP/admin/config.php
>
> Can't be this easy.
>
> --
> brought to you by, Matthew Gregg...
> one of the friendly folks in the IT Lab.
> --------------------------------------\
> The IT Lab (http://www.itlab.musc.edu) \____________________
> Probably the world's premier software development center.
> Serving: Programming, Tools, Ice Cream, Seminars
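
Added example, not part of the original thread or of phpESP: a small audit that walks a web-accessible directory and lists files a server would return as plain text under the rule discussed above (PHP code or settings in a file whose extension is not handled by PHP). The handled-extension set, the function names, and the sample tree with its file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: only these extensions are mapped to the PHP handler on the server.
PHP_HANDLED = {".php"}
# Extensions the thread names as holding PHP code or settings.
RISKY = {".inc", ".ini"}

def find_served_as_text(docroot, handled=PHP_HANDLED, risky=RISKY):
    """Return relative paths under docroot that would be sent as plain text:
    files with a risky extension, or containing a PHP open tag, whose final
    extension is not handled by PHP."""
    findings = []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled:
                continue  # config.php, funcs.inc.php: executed, not displayed
            path = os.path.join(base, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable file: nothing to inspect
            if ext in risky or b"<?php" in head or b"<?=" in head:
                rel = os.path.relpath(path, docroot)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; the file contents are invented."""
    files = {
        "phpESP/admin/phpESP.ini": "<?php $cfg['db_pass'] = 'example'; ?>",
        "phpESP/admin/config.php": "<?php $cfg['db_pass'] = 'example'; ?>",
        "phpESP/lib/funcs.inc": "<?php function f() {} ?>",
        "phpESP/lib/funcs.inc.php": "<?php function f() {} ?>",
        "phpESP/docs/README.txt": "plain documentation",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel in find_served_as_text(tmp):
            print("served as text:", rel)
```

If the server configuration maps other extensions to PHP or denies access to them, pass those extensions in `handled` so they are not reported.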