Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Advisory #3 - PHP & JSP
From: "Ryan Fox" <rfox () noguska com>
Date: Fri, 8 Feb 2002 12:37:18 -0500

Solution:
Use hard coded directory paths in the 'include' statements you use (same
goes for the 'require' statements).

For PHP, good security practices include setting display_errors = Off in the
php.ini configuration file.  This will prevent errors such as this from
displaying, resulting in no path information leaking to the client.

Cheers,
Ryan Fox


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault