[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <45D22FF8.7060801@free.fr>
Date: Tue, 13 Feb 2007 22:39:04 +0100
From: Raphaƫl HUCK <raphael.huck@...e.fr>
To: Gmail account <god.ate.my.homework@...il.com>
Cc: Cedric Blancher <blancher@...tel-securite.fr>,
bugtraq@...urityfocus.com
Subject: Re: DotClear Full Path Disclosure Vulnerability
Of course, there are multiple ways to secure software after their setup,
provided you know a minimum about computer security.
But I think many people just do the default setup the easy way via the
setup wizard.
That's why I believe the developers should take great care securing
their software by default.
> Well the ideal situation for incuding files is when your root is not
> yout webroot.
> But if you dont have this you can make a workaround by placing every php
> file that is not directy called (but included) into a folder and place
> in it an .htaccess file with a deny from all command so it would not be
> accesible from anyone through a browser.
>
>
Powered by blists - more mailing lists