Jump to content

question


Ninjakreborn

Recommended Posts

i just tried this and it works
When I go to a website
www.domainname.com/php.ini
it pulls up the ini file for the site, isn't that a severe security risk, they immediately get to see all information about php's settings,  your version number, ALL the settings, and this is the same way with all sites, almost all sites have it to where it can be easily downloaded, is this a security issue at all, if so why is it set to be able to do that.
Link to comment
Share on other sites

Looks like your host has setup an alias within the server config file. However they appear of missconfigured something as it is not a good idea to allow someone to type in php.ini in the browser to view php setup, instead they should display the phpinfo, rather than the raw php.ini file. Looks your host doesnt quite know what they are doing!
Link to comment
Share on other sites

Shared hosts running php as a CGI allow each site to create there own php.ini files within there application tree structure, that is what we are seeing.

However, you are correct. The configuration directive I posted really ought to be implimented in the server wide httpd.conf, not on a per user basis.
Link to comment
Share on other sites

All they need do is add that snippet to the servers httpd.conf file and the problem is solved. Im sure however that they are aware of this, and for some reason they regard this type of thing as your responsibility. All they do is provide you a publicly available web root. Its up to you to protect what is in it.

PS: Did you get an email from me the other day?
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.