Message-ID: <3D92AB6C.8000305@sdf.lonestar.org>
From: bonemach at sdf.lonestar.org (Bonemach)
Subject: Re: Information Disclosure with Invision Board installation (fwd)
You might also want to send the PHP error messages to syslog instead of
to the web. This can be configured in php.ini.
Bone Machine
---
"Break my body, hold my bones" -- The Pixies
---
Ka wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well, Gossi,
>
> I agree with your standpoint. Some "project leaders"
> easily turn into "project defenders" when one takes
> a closer look at their project. .o)
>
>
> So the advice for any server with "Invision Board" installed
> is to disable phpinfo() in the php startup file in addition
> to setting safe-mode = On and perhaps specifying a special
> safe_mode_exec_dir.
>
>
> - -- see /etc/php.ini --
>
> ; This directive allows you to disable certain functions for security reasons.
> ; It receives a comma-deliminated list of function names. This directive is
> ; *NOT* affected by whether Safe Mode is turned On or Off.
> disable_functions = phpinfo
>
> - ----------------------
>
>
>
>
> Ka
> - --
> "It's the perfect time of day
> to throw all your cares away" Barenaked Ladies
> http://www.khidr.net/users/ka/pgpkey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE9kaQf72vu22ltWBERAmZSAJ9zCkpzTzh0d/XQ7JmRtRU4eIQs9wCffao1
> xBEznfgI7TidhIhG8wOJYF8=
> =rUAX
> -----END PGP SIGNATURE-----
>
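
Added example, not part of either message above: a small audit of php.ini text for the two suggestions in this thread, error messages sent to syslog instead of the web page and `phpinfo` listed in `disable_functions`. The directive names are PHP's own; both ini samples are constructed, and the function names are hypothetical.

```python
# Added example. SAMPLE_INI and HARDENED_INI are constructed inputs.
SAMPLE_INI = """\
[PHP]
display_errors = On
log_errors = Off
;error_log = syslog
disable_functions =
"""
HARDENED_INI = """\
[PHP]
display_errors = Off
log_errors = On
error_log = syslog
disable_functions = phpinfo
"""


def parse_ini(text):
    """Return {directive: value}; this parser keeps the last assignment seen."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # blank line, comment, section header, or not an assignment
        key, _, value = line.partition("=")
        value = value.split(";", 1)[0].strip().strip("\"'")  # drop trailing comment, quotes
        settings[key.strip()] = value
    return settings


def is_on(value):
    return value is not None and value.lower() in {"1", "on", "yes", "true"}


def audit(text):
    """Return findings; an empty list means every check passed."""
    s = parse_ini(text)
    findings = []
    # A missing directive is reported too, since the built-in default is not assumed.
    if s.get("display_errors") is None or is_on(s["display_errors"]):
        findings.append("display_errors is not Off: errors may reach the browser")
    if not is_on(s.get("log_errors")):
        findings.append("log_errors is not On: errors are not logged")
    if s.get("error_log") != "syslog":
        findings.append("error_log is not syslog")
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    if "phpinfo" not in disabled:
        findings.append("phpinfo is not listed in disable_functions")
    return findings


if __name__ == "__main__":
    for name, ini in (("sample", SAMPLE_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "OK")
```
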