mailing list archives
Re: Advisory #3 - PHP & JSP
From: "Ryan Fox" <rfox () noguska com>
Date: Fri, 8 Feb 2002 12:37:18 -0500
Use hard coded directory paths in the 'include' statements you use (same
goes for the 'require' statements).
For PHP, good security practices include setting display_errors = Off in the
php.ini configuration file. This will prevent errors such as this from
displaying, resulting in no path information leaking to the client.