[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)

From: Bonemach (bonemachat_private)
Date: Wed Sep 25 2002 - 23:38:36 PDT


    You might also want to send the PHP error messages to syslog instead of 
    to the web. This can be configured in php.ini.
    
    Bone Machine
    
    ---
    "Break my body, hold my bones" -- The Pixies
    ---
    
    Ka wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    > 
    > Well, Gossi,
    > 
    > I agree with your standpoint. Some "project leaders"
    > easily turn into "project defenders" when one takes
    > a closer look at their project. .o)
    > 
    > 
    > So the advice for any server with "Invision Board" installed 
    > is to disable phpinfo() in the php startup file in addition
    > to setting safe-mode = On and perhaps specifying a special 
    > safe_mode_exec_dir.
    > 
    > 
    > - -- see /etc/php.ini --
    > 
    > ; This directive allows you to disable certain functions for security reasons.
    > ; It receives a comma-deliminated list of function names.  This directive is
    > ; *NOT* affected by whether Safe Mode is turned On or Off.
    > disable_functions = phpinfo
    > 
    > - ----------------------
    > 
    > 
    > 
    > 
    > Ka
    > - -- 
    > "It's the perfect time of day
    > to throw all your cares away"  Barenaked Ladies
    > http://www.khidr.net/users/ka/pgpkey.asc
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.0.6 (GNU/Linux)
    > Comment: For info see http://www.gnupg.org
    > 
    > iD8DBQE9kaQf72vu22ltWBERAmZSAJ9zCkpzTzh0d/XQ7JmRtRU4eIQs9wCffao1
    > xBEznfgI7TidhIhG8wOJYF8=
    > =rUAX
    > -----END PGP SIGNATURE-----
    > 
    
    
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
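
A check for the php.ini settings recommended in this thread (errors sent to syslog instead of the web, phpinfo disabled), as an added example that is not part of the original messages. `parse_ini`, `audit_php_ini` and both sample configurations are constructed for illustration; `display_errors`, `log_errors`, `error_log` and `disable_functions` are the php.ini directives involved.

```python
# Added example: audit php.ini text for the settings recommended in this thread.
# Both sample configurations are constructed; the helper names are hypothetical.
OFF_VALUES = {"off", "0", "false", "no", "none"}
ON_VALUES = {"on", "1", "true", "yes"}
WEAK_INI = """\
[PHP]
display_errors = On
log_errors = Off
;error_log = syslog
disable_functions = exec, system
"""
HARDENED_INI = (
    "display_errors = Off\nlog_errors = On\n"
    "error_log = syslog\ndisable_functions = phpinfo\n"
)

def parse_ini(text):
    """Return {directive: value}, keeping the last assignment seen."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, ';' comments (including commented-out directives), sections.
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.split(";", 1)[0].strip().strip("\"'")  # drop trailing comment
        settings[key.strip()] = value
    return settings

def audit_php_ini(text):
    """Return a list of findings; an empty list means all four checks pass."""
    s = parse_ini(text)
    findings = []
    if s.get("display_errors", "unset").lower() not in OFF_VALUES:
        findings.append("display_errors is not Off: errors can reach the web client")
    if s.get("log_errors", "unset").lower() not in ON_VALUES:
        findings.append("log_errors is not On: errors are not being logged")
    if s.get("error_log", "unset").lower() != "syslog":
        findings.append("error_log is not syslog")
    # An unset directive is reported too, so the result does not depend on defaults.
    disabled = {name.strip() for name in s.get("disable_functions", "").split(",")}
    if "phpinfo" not in disabled:
        findings.append("phpinfo is not listed in disable_functions")
    return findings

if __name__ == "__main__":
    for finding in audit_php_ini(WEAK_INI):
        print("FINDING:", finding)
```
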
    


