chantown Posted December 26, 2007 Share Posted December 26, 2007 First of all, is this a big problem (if we have patched up SQL inject + XSS)? Can we disable error reporting in PHP.ini , so that this will no longer show to people? Link to comment https://forums.phpfreaks.com/topic/83211-how-can-i-eliminate-full-path-disclosure-bugs/ Share on other sites More sharing options...
PHP_PhREEEk Posted December 26, 2007 Share Posted December 26, 2007 1. No, not really.... no one can do anything directly to you using only full path disclosure (FPD). FPD only becomes a problem if used in conjunction with another vulnerability. In fact, a large majority of servers use very similar pathing for user files, so in these cases, FPD can be easily guessed. This isn't a problem unless you have other insecurities. 2. Absolutely, and is recommended for production servers. Set display_errors = Off in php.ini PhREEEk Link to comment https://forums.phpfreaks.com/topic/83211-how-can-i-eliminate-full-path-disclosure-bugs/#findComment-423309 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.