Bugtraq mailing list archives
Re: Information Disclosure with Invision Board installation (fwd)
From: Bonemach <bonemach () sdf lonestar org>
Date: Thu, 26 Sep 2002 08:38:36 +0200
You might also want to send the PHP error messages to syslog instead of to the web. This can be configured in php.ini.
Bone Machine --- "Break my body, hold my bones" -- The Pixies ---

Ka wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, Gossi, I agree with your standpoint. Some "project leaders" easily turn into "project defenders" when one takes a closer look at their project. .o)

So the advice for any server with "Invision Board" installed is to disable phpinfo() in the php startup file in addition to setting safe-mode = On and perhaps specifying a special safe_mode_exec_dir.

- -- see /etc/php.ini --
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-deliminated list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions = phpinfo
- ----------------------

Ka

- --
"It's the perfect time of day
to throw all your cares away"
Barenaked Ladies
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9kaQf72vu22ltWBERAmZSAJ9zCkpzTzh0d/XQ7JmRtRU4eIQs9wCffao1
xBEznfgI7TidhIhG8wOJYF8=
=rUAX
-----END PGP SIGNATURE-----
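
The two suggestions in this thread (PHP errors sent to syslog, phpinfo listed in disable_functions) can be checked mechanically against a php.ini file. The Python script below is an added example, not part of the original posts; the function names parse_php_ini and audit and both sample configurations are constructed for illustration.

```python
# Added example: audits php.ini text for the settings suggested in this thread.
# Sample configs below are constructed; an unset directive is reported too,
# so that the file states the intended value explicitly (auditor's assumption).
OFF = {"0", "off", "false", "no", "none", ""}

WEAK_INI = """\
; constructed sample: errors shown to visitors, phpinfo() callable
display_errors = On
log_errors = Off
disable_functions =
"""

HARDENED_INI = """\
; constructed sample: errors go to syslog, phpinfo() disabled
display_errors = Off
log_errors = On
error_log = syslog
disable_functions = phpinfo
"""

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if line.startswith("[") or "=" not in line:
            continue                           # section header, blank or comment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return a list of findings; an empty list means both suggestions hold."""
    s = parse_php_ini(text)
    findings = []
    if s.get("display_errors", "unset").lower() not in OFF:
        findings.append("display_errors is not off")
    if s.get("log_errors", "unset").lower() in OFF | {"unset"}:
        findings.append("log_errors is not on: errors are not being logged")
    if s.get("error_log", "") != "syslog":
        findings.append("error_log is not set to syslog")
    disabled = [f.strip() for f in s.get("disable_functions", "").split(",")]
    if "phpinfo" not in disabled:
        findings.append("phpinfo is missing from disable_functions")
    return findings

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "ok")
```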