From: ka at khidr.net (Ka)
Subject: Re: Information Disclosure with Invision Board installation (fwd)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, Gossi,

I agree with your standpoint. Some "project leaders"
easily turn into "project defenders" when one takes
a closer look at their project. .o)


So the advice for any server with "Invision Board" installed 
is to disable phpinfo() in the php startup file in addition
to setting safe-mode = On and perhaps specifying a special 
safe_mode_exec_dir.


- -- see /etc/php.ini --

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-deliminated list of function names.  This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions = phpinfo

- ----------------------




Ka
- -- 
"It's the perfect time of day
to throw all your cares away"  Barenaked Ladies
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9kaQf72vu22ltWBERAmZSAJ9zCkpzTzh0d/XQ7JmRtRU4eIQs9wCffao1
xBEznfgI7TidhIhG8wOJYF8=
=rUAX
-----END PGP SIGNATURE-----
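
Added example, not part of the original message: a Python check that reads php.ini text and reports whether the three settings named in the message above are in place. The sample file contents and the exec-dir path are constructed, and the function names are this example's own; safe_mode and safe_mode_exec_dir were removed in PHP 5.4, so on later versions only the disable_functions finding applies.

```python
import re

TRUE_VALUES = {"1", "on", "true", "yes"}

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, ';' comments (incl. commented-out directives), [sections].
        if not line or line[0] in ";[":
            continue
        m = re.match(r"([A-Za-z0-9_.\-]+)\s*=\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if value.startswith('"'):
            end = value.find('"', 1)          # quoted value: keep what is inside
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split(";", 1)[0].strip()   # drop trailing comment
        settings[key] = value
    return settings

def audit(text):
    """Return findings for the settings recommended in the message."""
    s = parse_php_ini(text)
    findings = []
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    if "phpinfo" not in disabled:
        findings.append("phpinfo is not listed in disable_functions")
    if s.get("safe_mode", "").lower() not in TRUE_VALUES:
        findings.append("safe_mode is not On")
    if not s.get("safe_mode_exec_dir"):
        findings.append("safe_mode_exec_dir is not set")
    return findings

# Constructed sample inputs (not taken from any real server).
WEAK_INI = """[PHP]
; disable_functions = phpinfo
disable_functions =
safe_mode = Off
safe_mode_exec_dir =
"""
HARDENED_INI = """[PHP]
safe_mode = On
safe_mode_exec_dir = "/usr/local/php/bin" ; constructed path
disable_functions = phpinfo
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "OK")
```

The commented-out directive in the weak sample is the case to watch for: the line is present in the file but has no effect.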

