Re: Advisory #3 - PHP & JSPFrom: Ryan Fox (email@example.com)
- Previous message: Jay D. Thomson: "RE: Script for find domino's users"
- In reply to: Paul Brereton: "Advisory #3 - PHP & JSP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ryan Fox" <firstname.lastname@example.org> To: "Paul Brereton" <email@example.com>, <firstname.lastname@example.org> Date: Fri, 8 Feb 2002 12:37:18 -0500
> Use hard coded directory paths in the 'include' statements you use (same
> goes for the 'require' statements).
For PHP, good security practices include setting display_errors = Off in the
php.ini configuration file. This will prevent errors such as this from
displaying, resulting in no path information leaking to the client.