Edit report at http://bugs.php.net/bug.php?id=53256&edit=1
ID: 53256
User updated by: geoffreyfishing at users dot sourceforge dot net
Reported by: geoffreyfishing at users dot sourceforge dot net
Summary: Protect .ini files by default.
Status: Wont fix
Type: Feature/Change Request
Package: PHP options/info functions
Operating System: All
PHP Version: 5.3.3
Block user comment: N
New Comment:
Your right. I had just seen a similarity in how ASP.NET disables viewing
of
web.config files, but PHP is not ASP.NET, and that might even be a curse
word
around here.
Thanks, no harm intended.
Previous Comments:
------------------------------------------------------------------------
[2010-11-09 16:20:13] ahar...@php.net
I see no reason for this. If you don't want .ini files served by your
Web server, you can easily disable serving files with that extension in
pretty much every Web server in existence. PHP is the wrong tool for the
job.
------------------------------------------------------------------------
[2010-11-08 04:35:46] geoffreyfishing at users dot sourceforge dot net
Well, you could make it so that the web server called PHP for ini files.
The point
is that almost any ini file on a web server is probably not to be read
by everyone
on the web. I am just proposing that you use PHP to block access to ini
files.
Its only a suggestion, and Im not in charge. Do whatever you want with
it.
------------------------------------------------------------------------
[2010-11-07 23:36:41] cataphr...@php.net
Why would PHP be called for an .ini file? The web servers are generally
configured for only calling PHP for .php files.
------------------------------------------------------------------------
[2010-11-07 23:20:38] geoffreyfishing at users dot sourceforge dot net
I think you are misunderstanding my idea. The idea is not to parse the
ini file,
the idea is to prevent the ini file from being directly requested. Like
for
example if the ini file got requested, php.exe would just return an
empty string.
Or, you could have an "access denied" error, or "404 not found" error or
something
else.
------------------------------------------------------------------------
[2010-11-07 22:31:09] cataphr...@php.net
I don't see the usefulness. Why would the webserver be configured to
read the ini files as PHP files in the first place?... Am I missing
something?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=53256
--
Edit this bug report at http://bugs.php.net/bug.php?id=53256&edit=1
