There *SHOULD* be some directory outside htdocs you can get to...
Talk to your ISP to see if there is.
If not, create a directory and add Apache directives to Deny All access to
that directory. Not as good, but better than nothing.
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
----- Original Message -----
From: Seb Frost <[EMAIL PROTECTED]>
To: Rasmus Lerdorf <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 21, 2001 12:25 PM
Subject: RE: [PHP] hacks we should know about
> I don't host my own site so how can I put include files outside of the web
> root? I log on ftp and my top level IS the web root (htdocs), I can't go
> any higher.
> - seb
> -----Original Message-----
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> Sent: 17 August 2001 05:01
> To: Bob
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] hacks we should know about
> > Hi, I found it very helpful to know about hacks such as the below list
> > and was wondering if anyone had any more dumb mistakes they could tell
> > us before we make them.
> > 1. http://www.somesite.com/source.php3?url=/etc/passwd
> > 2. http://www.somesite.com?page=../../../../etc/passwd
> > 3. not setting .inc files to be parsed by php
> This is the wrong solution to securing include files. The correct
> solution is to block any direct access to .inc files by either putting
> them outside your document root or by using an Apache deny rule.
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
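
The advice in this thread, as an added example that is not code from any of the posters: a front controller that keeps `.inc` files in a directory the web server does not serve and never builds an include path from the `page` parameter itself. The directory layout, page names and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumed layout (hypothetical paths):
//   /home/site/htdocs/index.php   <- this file, inside the web root
//   /home/site/includes/*.inc     <- include files, outside the web root
// If the host exposes only htdocs, point INCLUDE_DIR at a subdirectory of it
// whose .htaccess denies all access: "Require all denied" on Apache 2.4,
// "Order allow,deny" plus "Deny from all" on older versions.
define('INCLUDE_DIR', dirname(__DIR__) . '/includes');

// The request parameter is only ever used as a key into this table;
// the file names themselves are fixed on the server side.
$pages = array(
    'home'    => 'home.inc',
    'contact' => 'contact.inc',
);

function resolve_page($name, array $pages, $baseDir)
{
    // Arrays (?page[]=x) and unknown names, including "../" strings, stop here.
    if (!is_string($name) || !isset($pages[$name])) {
        return null;
    }
    // realpath() returns false for missing files and collapses ".." and
    // symlinks, so the prefix check also catches a link pointing elsewhere.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $pages[$name]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$requested = isset($_GET['page']) ? $_GET['page'] : 'home';
$file = resolve_page($requested, $pages, INCLUDE_DIR);

if ($file === null) {
    header('HTTP/1.0 404 Not Found');
    echo 'Page not found';
    exit;
}
include $file;
```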