full path disclosure

[php_novice2007]

How do I prevent this?

 

thanks~!

[Orio]

Can you explain a bit??

 

Orio.

[kwdrysdale]

I don't have a solution to the problem as I have the exact same problem, and question.  Is there some way to prevent full path disclosure?  For the last post, what it is, where I have seen it anyway, is if there is an error message it will show the full path of where the file is that contains the error.  This gives hackers more information about the server and your file structure.  So...is there anyone out there willing to share how to prevent this?  Thanks.

 

Kevin

[revraz]

Once your code works, you want to suppress the errors with "@".

Unless you mean something else.

[kratsg]

Have you tried this?

 

error_reporting(0);

[kwdrysdale]

Have you tried this?

 

error_reporting(0);

 

I like this solution.  I think it should be pretty easy to implement, since I should be able to add it at the beginning of all php files.  It's amazing how much stuff there is to learn with all this!!  Thanks.

 

Kevin

[PHP_PhREEEk]

Another security myth that needs a bit of debunking here...

 

Full path disclosure in itself is not a security concern. Due to the generalized way many servers setup web hosting accounts, the full path itself could be guessed QUITE EASILY in a lot of cases.

 

Anyways, to repeat... knowing the full path to your file system is NOT a security concern.

 

It only becomes a tool for a hacker if he successfully breaches other parts of your security. If you code correctly and have reasonable security measures already in place, a potential evil-doer can do nothing armed only with full path information.

 

PhREEEk