Menu
▾
▴
Re: [phpesp-dev] insecure phpesp.ini
|
From: Christopher Z. <zo...@mu...> - 2003-01-18 16:10:38
|
-1 for me. I think it should stay in a none web accessible directory. On Fri, Jan 17, 2003 at 04:31:54PM -0500, James E. Flemer wrote: > Initially my feeling was that phpESP should be installed > somewhere outside of the web accessible part of your > filesystem. This would ensure that phpESP.ini would not be > compromised. However it seems many people can not > understand how to do this, and many can not do so because > they have to deal with open_basedir restrictions from their > hosting service. In light of this, I am willing to change > the extension. The change would be to rename phpESP.ini to > phpESP.ini.php. I would like the developers to vote on > this (-1/0/+1). >=20 > This also brings up an important point about mysql > security. If you are concerned about your database > passwords, then I suggest you read the mysql manual on > permissions. The mysql security model allows restricting > access based on IP addresses, usename/password, database, > and actions. My mysql server uses phpesp with the default > password (phpesp), and it doesn't matter that I tell you > that because the restrictions on hostnames, databases, and > permissions on that account prevent anyone from doing > damage. Anyone administering a mysql server should RTFM. >=20 > -James >=20 > ---------- Forwarded message ---------- > Date: Fri, 17 Jan 2003 16:45:39 +0100 > From: fl...@gm... > Subject: Re: [phpesp-dev] themes when embedding >=20 > hi and happy new year! >=20 > i have a really unnice message: my server let open port 8080 an with th= at > and misconfiguration all websurfer can look in my phpesp ini wich is bl= oody > uncool! > so there is the need to change is to ext.php! i think... when php crash= es > then it=B4s the only point to have a chance to look in a php file other= wise > no! > is there any chance to do is or do i have to change it by myself?....... > (bad on upgardes) >=20 > kind regards flobee >=20 >=20 >=20 > ------------------------------------------------------- > This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts wi= ll > allow you to extend the highest allowed 128 bit encryption to all your=20 > clients even if they use browsers that are limited to 40 bit encryption= .=20 > Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw003= 0en > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel >=20 |
