Edit report at http://bugs.php.net/bug.php?id=53256&edit=1
ID: 53256 Updated by: ahar...@php.net Reported by: geoffreyfishing at users dot sourceforge dot net Summary: Protect .ini files by default. -Status: Open +Status: Wont fix Type: Feature/Change Request Package: PHP options/info functions Operating System: All PHP Version: 5.3.3 Block user comment: N New Comment: I see no reason for this. If you don't want .ini files served by your Web server, you can easily disable serving files with that extension in pretty much every Web server in existence. PHP is the wrong tool for the job. Previous Comments: ------------------------------------------------------------------------ [2010-11-08 04:35:46] geoffreyfishing at users dot sourceforge dot net Well, you could make it so that the web server called PHP for ini files. The point is that almost any ini file on a web server is probably not to be read by everyone on the web. I am just proposing that you use PHP to block access to ini files. Its only a suggestion, and Im not in charge. Do whatever you want with it. ------------------------------------------------------------------------ [2010-11-07 23:36:41] cataphr...@php.net Why would PHP be called for an .ini file? The web servers are generally configured for only calling PHP for .php files. ------------------------------------------------------------------------ [2010-11-07 23:20:38] geoffreyfishing at users dot sourceforge dot net I think you are misunderstanding my idea. The idea is not to parse the ini file, the idea is to prevent the ini file from being directly requested. Like for example if the ini file got requested, php.exe would just return an empty string. Or, you could have an "access denied" error, or "404 not found" error or something else. ------------------------------------------------------------------------ [2010-11-07 22:31:09] cataphr...@php.net I don't see the usefulness. Why would the webserver be configured to read the ini files as PHP files in the first place?... Am I missing something? ------------------------------------------------------------------------ [2010-11-07 19:39:13] geoffreyfishing at users dot sourceforge dot net Description: ------------ With the parse_ini_file() function, many people are coming up with different ways to protect ini files (need proof? check the comments for that function). The idea here is to register the .ini file with the PHP parser, and then have the parser just return like a blank screen or something. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=53256&edit=1
