WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: PHP Easter Eggs

From: Alexander Klimov <alserkli () inbox ru>
Date: Mon, 29 Nov 2004 22:54:45 +0200 (IST)
On Sun, 28 Nov 2004, Andi McLean wrote:

Does anyone know about the easter eggs in PHP?
I've just found out about them, My trust in PHP has just had a major set back,
as I'm wondering what other easter eggs there are and can any be used to
circumenvent the protection I have on my site.
I feel like I now need to have a look at the source code, to find out what
else is there.


Note that the configuration file is the only thing you should look at. This is
what you could see in the default (as well as in the recomended) php.ini:

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = On

The point is that it is by no means hidden or explained only in a fine print in
some obscure place (e.g, only as a comment in source code) -- in contrary it is
explained in the place which you (as an administrator)  simply can't avoid
reading if you configure php at all.

-- 
Regards,
ASK
Previous By Date Next
Previous By Thread Next

Current thread: