Re: A Study In Scarlet - Exploiting Common Vulnerabilities in P

From: David Nugent (davidnat_private)
Date: Wed Jul 04 2001 - 22:55:43 PDT


    > I find it good practice that PHP included files have ONLY
    > function definitions, (and perhaps some assignments of
    > global configuration variables.)
    
    I find it better practice to put and organise php include files completely
    outside of the web document tree regardless of how they are named. Garbage
    in there is security fodder, and good habits are good habits.
    
    php_include works perfectly and is provided for exactly this purpose - why
    not return a 404 and not even give a hint to indicate that there's anything
    at that location at all (because there /isn't/).
    
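The layout the reply argues for, as an added example (not code from the original post): include files live in a private directory outside the document root, PHP finds them through include_path, and a web request for the same filenames hits nothing and gets the server's ordinary 404. The paths `/srv/app/includes` and `/var/www/html`, the function `includeDirIsOutsideDocroot`, and the files `config.php` and `lib/db.php` are all assumptions for illustration.

```php
<?php
// Added example, not from the original post. Shows include files kept
// outside the web document tree and resolved through PHP's include_path.
//
// Assumed layout (placeholder paths):
//   /var/www/html/               document root served by the web server
//   /var/www/html/index.php      this script, the only one reachable by URL
//   /srv/app/includes/           private include directory, NOT under docroot
//   /srv/app/includes/config.php
//   /srv/app/includes/lib/db.php
//
// The same setting can be made in php.ini:
//   include_path = ".:/srv/app/includes"
// or per directory in an Apache .htaccess / vhost:
//   php_value include_path ".:/srv/app/includes"
// Here it is set at runtime so the example is self-contained.

declare(strict_types=1);

// Assumed private directory; adjust to the real deployment.
const PRIVATE_INCLUDE_DIR = '/srv/app/includes';

// Prepend the private directory so a plain name like 'config.php' resolves
// to /srv/app/includes/config.php rather than to anything under the docroot.
set_include_path(PRIVATE_INCLUDE_DIR . PATH_SEPARATOR . get_include_path());

// Startup check: true only when the include directory exists and is not
// the document root or a subdirectory of it. If it is inside the docroot,
// every include file is also a directly requestable URL, which is exactly
// what the reply warns against.
function includeDirIsOutsideDocroot(string $includeDir, string $docroot): bool
{
    $inc = realpath($includeDir);
    $doc = realpath($docroot);
    if ($inc === false || $doc === false) {
        // Missing directory: treat as unsafe rather than guessing.
        return false;
    }
    // Compare normalised paths with a trailing separator so that
    // "/var/www/html" is not mistaken for a prefix of "/var/www/html2".
    $docPrefix = rtrim($doc, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $incPrefix = $inc . DIRECTORY_SEPARATOR;
    return strncmp($incPrefix, $docPrefix, strlen($docPrefix)) !== 0;
}

$docroot = $_SERVER['DOCUMENT_ROOT'] ?? __DIR__;
if (!includeDirIsOutsideDocroot(PRIVATE_INCLUDE_DIR, $docroot)) {
    http_response_code(500);
    exit('Include directory is not outside the document root; refusing to run.');
}

// Relative names only: resolved through include_path, never via a URL.
require_once 'config.php';
require_once 'lib/db.php';

echo 'Application loaded; includes resolved from ' . PRIVATE_INCLUDE_DIR . "\n";
```

With this layout a request for `/config.php` or `/lib/db.php` on the web host finds no such file under `/var/www/html`, so the server answers 404 without any application code running, while `index.php` still loads them by name. The startup check fails closed: if the private directory is missing or has been moved under the docroot, the script refuses to serve rather than silently exposing its includes.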
    This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 12:40:40 PDT