Re: [Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)

• Previous message: Ka: "[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)"
• In reply to: Ka: "[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)"
• Next in thread: Gossi The Dog: "[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 25 Sep 2002, Ka wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> At Mittwoch, 25. September 2002 01:55 Rossen wrote:
> > Fortunately phpinfo() is disabled in safe mode, 
> > which is a must for a "production server".
> 
> Good idea. But this is not happening on apache
> mod_php4 or am I missing something?
> 
> - ------------ output from phpinfo() ----------
> PHP Version 4.0.6
> ...
> Directive	Local Value	Master Value
> ...
> safe_mode	On		On
> - ---------------------------------------------

I've checked this with PHP4 too, and get the same behaviour.  I presume 
phpinfo() can be disabled somewhere in the conf files for safe mode.  Is 
it by default, one wonders.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Next message: Gossi The Dog: "[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)"
• Previous message: Ka: "[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)"
• In reply to: Ka: "[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)"
• Next in thread: Gossi The Dog: "[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 03:53:43 PDT