[thelist] php settings for DB access

Andrew Maynes andrew at humanbehaviour.co.uk
Wed Aug 14 13:24:23 CDT 2002


sorry I meant .inc files with user name and passwords included.  I did a search
last night and I came a cross at least 5 files with this type of information, I
was shocked.

Andrew

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of jon steele
Sent: Wednesday, August 14, 2002 07:18
To: thelist at lists.evolt.org
Subject: RE: [thelist] php settings for DB access


--- Andrew Maynes <andrew at humanbehaviour.co.uk> wrote:
> There must be something with the refresh!  The index.html has kicked in now so
> none of the files residing within that directory are showing now.
>
> if search engines pick up these files then there is a potential security scare
> for alot of sites out there.

So what if search engines pick it up? It is a php script with a .php extension,
so the server will
parse the file. And since it is just a variable include, the output will be
nothing :).

There is a scare for those people who name files .inc or .txt or no extension at
all, and the
server doesn't parse the file and opens or prompts for download :|


__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
--
For unsubscribe and other options, including
the Tip Harvester and archive of thelist go to:
http://lists.evolt.org Workers of the Web, evolt !

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/02

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/02




More information about the thelist mailing list