Quoting php0t <[EMAIL PROTECTED]>: > From: "trains" <[EMAIL PROTECTED]> >> The "AddType" statement for php is normally system-wide, which means >> the web server will execute php scripts that may be found in the >> upload directory. This can be fixed multiple ways: > > They will just place an .htaccess and do addtype themselves. > "php_admin_flag engine off" will probably render most of the issues you > mentioned useless in one shot.
I had never heard of that flag before. Nice. http://us.php.net/manual/es/ref.apache.php I don't think I like seeing php and apache being so tightly coupled, but I suppose we need to live in the real world, eh? tr ------------------------------------------------- Email solutions, MS Exchange alternatives and extrication, security services, systems integration. Contact: [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
