Edit report at http://bugs.php.net/bug.php?id=53256&edit=1
ID: 53256 User updated by: geoffreyfishing at users dot sourceforge dot net Reported by: geoffreyfishing at users dot sourceforge dot net Summary: Protect .ini files by default. Status: Open Type: Feature/Change Request Package: PHP options/info functions Operating System: All PHP Version: 5.3.3 Block user comment: N New Comment: Well, you could make it so that the web server called PHP for ini files. The point is that almost any ini file on a web server is probably not to be read by everyone on the web. I am just proposing that you use PHP to block access to ini files. Its only a suggestion, and Im not in charge. Do whatever you want with it. Previous Comments: ------------------------------------------------------------------------ [2010-11-07 23:36:41] [email protected] Why would PHP be called for an .ini file? The web servers are generally configured for only calling PHP for .php files. ------------------------------------------------------------------------ [2010-11-07 23:20:38] geoffreyfishing at users dot sourceforge dot net I think you are misunderstanding my idea. The idea is not to parse the ini file, the idea is to prevent the ini file from being directly requested. Like for example if the ini file got requested, php.exe would just return an empty string. Or, you could have an "access denied" error, or "404 not found" error or something else. ------------------------------------------------------------------------ [2010-11-07 22:31:09] [email protected] I don't see the usefulness. Why would the webserver be configured to read the ini files as PHP files in the first place?... Am I missing something? ------------------------------------------------------------------------ [2010-11-07 19:39:13] geoffreyfishing at users dot sourceforge dot net Description: ------------ With the parse_ini_file() function, many people are coming up with different ways to protect ini files (need proof? check the comments for that function). The idea here is to register the .ini file with the PHP parser, and then have the parser just return like a blank screen or something. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=53256&edit=1
