WebApp Sec mailing list archives
Re: Fwd: PHP Easter Eggs
From: Alexander Klimov <alserkli () inbox ru>
Date: Mon, 29 Nov 2004 22:54:45 +0200 (IST)
On Sun, 28 Nov 2004, Andi McLean wrote:
Does anyone know about the easter eggs in PHP? I've just found out about them, My trust in PHP has just had a major set back, as I'm wondering what other easter eggs there are and can any be used to circumenvent the protection I have on my site. I feel like I now need to have a look at the source code, to find out what else is there.
Note that the configuration file is the only thing you should look at. This is what you could see in the default (as well as in the recomended) php.ini: ; Decides whether PHP may expose the fact that it is installed on the server ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. expose_php = On The point is that it is by no means hidden or explained only in a fine print in some obscure place (e.g, only as a comment in source code) -- in contrary it is explained in the place which you (as an administrator) simply can't avoid reading if you configure php at all. -- Regards, ASK
Current thread:
- Fwd: PHP Easter Eggs Andi McLean (Nov 29)
- Re: Fwd: PHP Easter Eggs Astarna (Nov 29)
- Re: PHP Easter Eggs Griffiths, Ian (Nov 29)
- Re: PHP Easter Eggs Serban Gh. Ghita (Nov 29)
- Re: PHP Easter Eggs Serban Gh. Ghita (Nov 29)
- Re: PHP Easter Eggs Harrison Gladden (Nov 30)
- RE: PHP Easter Eggs V. Poddubnyy (Dec 01)
- Re: PHP Easter Eggs Antonio Varni (Dec 08)
- Re: PHP Easter Eggs Harrison Gladden (Nov 30)
- Re: Fwd: PHP Easter Eggs Alexander Klimov (Nov 29)
- Re: Fwd: PHP Easter Eggs Harald Nesland (Nov 29)
- Re: Fwd: PHP Easter Eggs RSnake (Nov 29)
- Re: PHP Easter Eggs q q (Nov 29)
- Re: Fwd: PHP Easter Eggs Saqib . N . Ali (Nov 30)
- Re: Fwd: PHP Easter Eggs exon (Nov 30)
- Re: PHP Easter Eggs Paul Fierro (Dec 01)
- Re: PHP Easter Eggs Jimi Thompson (Dec 02)
- Re: PHP Easter Eggs Griffiths, Ian (Dec 03)
- SQL injection (no single quotes used) Juan Carlos Calderon (Dec 14)
- Re: SQL injection (no single quotes used) Olivier G. Gaumond (Dec 15)
- Re: Fwd: PHP Easter Eggs exon (Nov 30)