Bugtraq mailing list archives
Re: Information Disclosure with Invision Board installation (fwd)
From: Ka <ka () khidr net>
Date: Wed, 25 Sep 2002 13:55:10 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, Gossi, I agree with your standpoint. Some "project leaders" easily turn into "project defenders" when one takes a closer look at their project. .o) So the advice for any server with "Invision Board" installed is to disable phpinfo() in the php startup file in addition to setting safe-mode = On and perhaps specifying a special safe_mode_exec_dir. - -- see /etc/php.ini -- ; This directive allows you to disable certain functions for security reasons. ; It receives a comma-deliminated list of function names. This directive is ; *NOT* affected by whether Safe Mode is turned On or Off. disable_functions = phpinfo - ---------------------- Ka - -- "It's the perfect time of day to throw all your cares away" Barenaked Ladies http://www.khidr.net/users/ka/pgpkey.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9kaQf72vu22ltWBERAmZSAJ9zCkpzTzh0d/XQ7JmRtRU4eIQs9wCffao1 xBEznfgI7TidhIhG8wOJYF8= =rUAX -----END PGP SIGNATURE-----
Current thread:
- Information Disclosure with Invision Board installation (fwd) Gossi The Dog (Sep 24)
- Re: Information Disclosure with Invision Board installation (fwd) Gossi The Dog (Sep 25)
- Re: Information Disclosure with Invision Board installation (fwd) Ka (Sep 25)
- Re: Information Disclosure with Invision Board installation (fwd) Bonemach (Sep 27)
- Re: Information Disclosure with Invision Board installation (fwd) Ka (Sep 25)
- Re: Information Disclosure with Invision Board installation (fwd) Gossi The Dog (Sep 25)