Re: Advisory #3 - PHP & JSP
From: Ryan Fox (rfox@noguska.com)
Date: 02/08/02
- In reply to: Paul Brereton: "Advisory #3 - PHP & JSP"
From: "Ryan Fox" <rfox@noguska.com>
To: "Paul Brereton" <brereton_paul@btopenworld.com>, <bugtraq@securityfocus.com>
Date: Fri, 8 Feb 2002 12:37:18 -0500

> Solution:
> Use hard coded directory paths in the 'include' statements you use (same
> goes for the 'require' statements).

For PHP, good security practices include setting display_errors = Off in the
php.ini configuration file. This will prevent errors such as this from
displaying, resulting in no path information leaking to the client.

Cheers,
Ryan Fox
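
The following is an added example, not part of the original message or of PHP itself: a small Python check that reads php.ini text and reports whether display_errors is effectively off, covering the cases a quick grep misses (commented-out lines, a later line overriding an earlier one, an unset directive). The function names and sample fragments are constructed for illustration, and it inspects only the one file it is given, not per-directory or runtime overrides.

```python
import re

# Values PHP's INI handling treats as "off" for this directive (case-insensitive).
OFF = {"off", "0", "false", "no", "none", ""}

def effective_display_errors(ini_text):
    """Return the last display_errors value set in php.ini text, or None if unset."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        # Directive names are case-sensitive; values are not.
        m = re.match(r"display_errors\s*=\s*(.*)$", line)
        if m:
            # A later assignment overrides an earlier one.
            value = m.group(1).strip().strip("\"'").lower()
    return value

def audit(ini_text):
    """Classify the setting as 'ok', 'stderr' or 'leaks'."""
    value = effective_display_errors(ini_text)
    if value is None:
        return "leaks"    # unset: PHP's built-in default displays errors
    if value in OFF:
        return "ok"
    if value == "stderr":
        return "stderr"   # CLI/CGI only: errors go to stderr, not stdout
    return "leaks"        # On, stdout, or unrecognised (treated conservatively)

# Constructed sample php.ini fragments (not taken from any real server).
SAMPLES = {
    "dev default": "[PHP]\ndisplay_errors = On\n",
    "hardened": "[PHP]\n; production\ndisplay_errors = Off ; hide paths\n",
    "commented out": "[PHP]\n;display_errors = Off\n",
    "overridden later": "display_errors = Off\ndisplay_errors = 1\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:18} -> {audit(text)}")
```
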