> Hi, I found it very helpful to know about hacks such as the below list
> and was wondering if anyone had any more dumb mistakes they could tell
> us before we make them.
>
> 1. http://www.somesite.com/source.php3?url=/etc/passwd
> 2. http://www.somesite.com?page=../../../../etc/passwd
> 3. not setting .inc files to be parsed by php

This is the wrong solution to securing include files.  The correct
solution is to block any direct access to .inc files by either putting
them outside your document root or by using an Apache deny rule.

-Rasmus
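
The two fixes named in the reply above, sketched as an Apache configuration fragment. This is an added example, not part of the original message; the directory paths and the file name `db.inc` are assumed placeholders.

```apache
# Added example; paths and file names below are assumptions.

# Item 3 from the quoted list, the approach the reply calls wrong:
# have PHP parse .inc files. A direct request no longer shows source,
# but it runs the file on its own, outside the script meant to include it.
#   AddType application/x-httpd-php .inc

# Option 1: keep include files outside the document root.
# Only entry-point scripts live under DocumentRoot.
DocumentRoot "/var/www/example/htdocs"
# Scripts pull includes in by filesystem path, for example:
#   require '/var/www/example/includes/db.inc';
# No URL maps to /var/www/example/includes, so nothing there can be requested.

# Option 2: includes stay under the document root, direct requests are denied.
# PHP's include/require read from the filesystem, so they are unaffected.
# Apache 2.4 syntax:
<FilesMatch "\.inc$">
    Require all denied
</FilesMatch>

# Apache 2.2 and earlier syntax:
# <FilesMatch "\.inc$">
#     Order allow,deny
#     Deny from all
# </FilesMatch>

# Check after reloading: a request for any .inc URL should return 403,
# while pages that include those files still render normally.
```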


-- 
PHP General Mailing List (http://www.php.net/)