From: James E. F. <jf...@ac...> - 2002-03-31 00:36:18
Yes, though I don't like renaming files (CVS doesn't handle it gracefully). I also really think that it is best for the package to be installed outside of a public directory. It is certainly an option to rename files, and perhaps it will happen soon.

-James

On Sat, 30 Mar 2002, Lou Spironello wrote:

> Yup. This is a very serious security breach.
>
> All files which contain php code should have the php
> extension unless one has explicitly defined those
> excluded extensions in web server configuration files.
>
> That's in one of my other messages or
> it could have been posted to a feature request I made today.
>
> All php related scripts should have a "PHP" extension,
> which means all .inc or .ini must be renamed to either
> *.inc.php *.ini.php or just *.php.
>
>
> Lou.
>
> ----- Original Message -----
> From: "Matthew Gregg" <gr...@mu...>
> To: <php...@li...>
> Sent: Saturday, March 30, 2002 2:57 PM
> Subject: [phpesp-dev] Rename phpESP.ini?
>
>
> > While thinking about installation scripts....
> > I must have overlooked something, but why not rename phpESP.ini to
> > something like config.php?
> >
> > If someone mistakenly installs it in a web accessible directory,
> > the web server will attempt to execute it instead of plastering sensitive
> > information to the browser.
> >
> > I tried it, seems to work. It gives you a nice blank page if you
> > access
> > http://yourhost.com/phpESP/admin/config.php
> >
> > Can't be this easy.
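
A check for the exposure discussed in this thread, as an added example that is not part of the original messages or of phpESP's code: it walks a web root and lists files that hold PHP source or settings under an extension the server would send back as plain text. The extension sets, the sample file contents and every file name other than phpESP.ini and config.php are assumptions constructed for the illustration.

```python
import os
import tempfile

# Assumption: only these extensions are mapped to the PHP handler on the server.
EXECUTED_EXTENSIONS = {".php"}
# Assumption: extensions that usually hold includes or settings and are served raw.
RISKY_EXTENSIONS = {".inc", ".ini", ".conf", ".cfg", ".bak"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")

def find_exposed_files(docroot):
    """Return sorted (relative_path, reason) for files the server would send raw."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in EXECUTED_EXTENSIONS:
                continue  # handed to the interpreter, so the source is not returned
            with open(path, "rb") as fh:
                head = fh.read(65536)  # the first 64 KiB is enough to spot an open tag
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            if any(tag in head for tag in PHP_OPEN_TAGS):
                findings.append((rel, "php-source"))
            elif ext in RISKY_EXTENSIONS:
                findings.append((rel, "config-or-include"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout with constructed contents (not real phpESP files)."""
    samples = {
        "admin/phpESP.ini": b"<?php\n$ESP['db_pass'] = 'constructed-value';\n?>\n",
        "admin/config.php": b"<?php\n$ESP['db_pass'] = 'constructed-value';\n?>\n",
        "admin/include/lib.inc": b"<?php function helper() {} ?>\n",
        "settings.ini": b"[db]\npass = constructed-value\n",
        "index.html": b"<html></html>\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_exposed_files(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:18} {rel}")
```

An empty result only means nothing matched these extension and tag heuristics; keeping the package outside the public directory, as suggested in the reply, removes the dependency on the server's handler mapping altogether.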