Good Morning, The OXID-Team closed the request < https://bugs.oxid-esales.com/view.php?id=4303>, but i still want to discuss it. Maybe the OXID team got me wrong.
1und1 suggested, to put a php.ini in the shop root, to enable the zend optimizer (1und1 removed the deep link < http://hilfe-center.1und1.de/archiv-c82642/zend-optimizer-c82694/wie-kann-ich-den-zend-optimizer-verwenden-a783269.html >). So People have a public php.ini in there shop, and a possible information disclosure. 1und1 did not tell, how to change the .htaccess to prevent this. I think, this is a common use case for hosters und i would suggest, that OXID adds a deny-rule for a php.ini the shop root, additionally to the log files etc. What do you think? Regards, Björn -- *_________________________________ WBL Konzept, Beerden & Lange GbR* *Björn Lange* Geschäftsführender Gesellschafter Luxemburger Straße 266 50937 Köln Bilker Straße 34 40213 Düsseldorf Telefon: 0211 942 120 30 *|* Fax: 0211 942 120 32 www.wbl-konzept.de *|* www.facebook.com/wbl.konzept *|* [email protected]
_______________________________________________ dev-general mailing list [email protected] http://dir.gmane.org/gmane.comp.php.oxid.general
