mailing list archives
Re: ASP Security Hole (PHP Too)
From: Alexander () LEIDINGER NET (Alexander Leidinger)
Date: Thu, 17 Feb 2000 12:32:42 +0100
On 15 Feb, Joshua J. Drake wrote:
The following is also true for PHP. Naming PHP include files .inc gives
anyone full-read access to the files by simply requesting them by name.
The solution of course is to do one of the following:
a. name php include files with a PHP extension (.php, .php3, etc) that is
associated with PHP parsing them
b. associate .inc files with PHP so that they are parsed and not displayed
c. don't put include files below your DocumentRoot, use
php3_include_path (apache-modul) or include_path (php3.ini) instead.
It is easier to fix Unix than to live with NT.
http://www.Leidinger.net Alexander+Home @ Leidinger.net
Key fingerprint = 7423 F3E6 3A7E B334 A9CC B10A 1F5F 130A A638 6E7E