-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, Gossi, I agree with your standpoint. Some "project leaders" easily turn into "project defenders" when one takes a closer look at their project. .o) So the advice for any server with "Invision Board" installed is to disable phpinfo() in the php startup file in addition to setting safe-mode = On and perhaps specifying a special safe_mode_exec_dir. - -- see /etc/php.ini -- ; This directive allows you to disable certain functions for security reasons. ; It receives a comma-deliminated list of function names. This directive is ; *NOT* affected by whether Safe Mode is turned On or Off. disable_functions = phpinfo - ---------------------- Ka - -- "It's the perfect time of day to throw all your cares away" Barenaked Ladies http://www.khidr.net/users/ka/pgpkey.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9kaQf72vu22ltWBERAmZSAJ9zCkpzTzh0d/XQ7JmRtRU4eIQs9wCffao1 xBEznfgI7TidhIhG8wOJYF8= =rUAX -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 05:28:49 PDT