Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
borat
Hangin' Around


Joined: Aug 05, 2005
Posts: 29

PostPosted: Thu May 25, 2006 2:34 am Reply with quote

Hi

I quickly uploaded a php test script to find out something about sendmail on my server but I noticed this:

_SERVER["PHP_AUTH_PW"] and it showed my .htaccess password eventhough it's encoded in the original file! am I being paranoid?
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Thu May 25, 2006 6:18 am Reply with quote

Nope. That's why you never leave phpinfo() on a website!
 
View user's profile Send private message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sat Jun 10, 2006 4:33 pm Reply with quote

Maybe a stupid question, but is there any risk to have a download file .zip that does the same like phpinfo and a lot more. I have never heard about such a risk but I was only wondering because the number of downloads for this file is relative high..
 
View user's profile Send private message
Raven
PostPosted: Sat Jun 10, 2006 5:02 pm Reply with quote

Risk to whom? Just offering the script is no risk to you. But having it available for others to execute is a recipe for server disaster.
 
Susann
PostPosted: Sat Jun 10, 2006 5:41 pm Reply with quote

Having it available to download and having it available to excute is a small but important difference. Smile
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©