On Fri Jun 06, 2003 at 01:45:29PM -0400, Jean-Michel Dault wrote:

> > Personally, I liked it. =) But some people do not approve of my
> > proactive approach to security. I suppose they like the reactive
> > approach better.
>
> Just see http://bugs.php.net/bug.php?id=24024, you'll see that the PHP
> creator himself marked the bug as bogus:
>
> ID: 24024
> Updated by: [EMAIL PROTECTED]
> Reported By: rich dot fearn at btopenworld dot com
> -Status: Open
> +Status: Bogus
> Bug Type: Unknown/Other Function
> Operating System: Linux
> PHP Version: 4.3.1
> New Comment:
>
> phpinfo() is a debugging function. It is not something that should be
> publically accessible. Adding filtering to it would make it much less
> useful as a debugging tool.

I agree with his point of view, however I disagree with his immediate dismissal of the problem. phpinfo(), as a function, should be limited to a specific set of hosts, defined in the ini file. That is how *I* would resolve the problem.

Anyways, I think this discussion is pretty much useless. I don't much care if/how/whatever we work with or around it. As I've said many times, this is pretty small beans. I have just, over and over, indicated a personal preference and not something I feel intent upon pushing onto cooker or updates.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
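
The host restriction suggested in the message above, sketched in userland PHP as an added example (not code from this thread or from PHP itself). ALLOWED_NETS and the helper function names are hypothetical, and the listed networks are constructed sample values standing in for a setting that PHP's ini file does not provide.

```php
<?php
// Added example: serve phpinfo() only to peers on an allowlist.
// ALLOWED_NETS is a constructed sample list, not a real PHP ini directive.
const ALLOWED_NETS = ['127.0.0.1/32', '::1/128', '192.0.2.0/24'];

// True when $ip lies inside the CIDR block $cidr (IPv4 or IPv6).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Fail closed on unparsable input or mixed address families.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && !ctype_digit($bits)) {
        return false; // a malformed prefix must not collapse to /0
    }
    $bits = $bits === null ? $max : (int) $bits;
    if ($bits > $max) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    $remBits   = $bits % 8;
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    // Compare the leading bits of the first partially covered byte.
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

// True when $ip matches at least one allowlisted network.
function host_allowed(string $ip, array $nets): bool
{
    foreach ($nets as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Use the socket peer address only; forwarded-for headers are client-supplied.
$peer = $_SERVER['REMOTE_ADDR'] ?? '';
if (!host_allowed($peer, ALLOWED_NETS)) {
    http_response_code(404); // do not reveal that a debug page exists
    exit;
}
phpinfo();
```

Behind a reverse proxy REMOTE_ADDR is the proxy's address, so the allowlist would have to be enforced at the proxy instead.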