[Cooker] Re: php.ini stuff...

2003-06-06 Thread Vincent Danen
On Thu Jun 05, 2003 at 09:57:20PM +0200, Oden Eriksson wrote: I found this the other day: http://archives.neohapsis.com/archives/bugtraq/2003-06/0027.html ..., and I thought I should share this info and a possible fix: --- php.ini 2003-01-06 05:40:15.0 +0100 +++

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Dan Scott
On Thu, 2003-06-05 at 18:49, Vincent Danen wrote: On Thu Jun 05, 2003 at 09:57:20PM +0200, Oden Eriksson wrote: I found this the other day: http://archives.neohapsis.com/archives/bugtraq/2003-06/0027.html ..., and I thought I should share this info and a possible fix: ---

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Vincent Danen
On Thu Jun 05, 2003 at 07:49:58PM -0400, Dan Scott wrote: I'm almost tempted to say we should have this by default. Two things come to mind here (which is why I'm not in a super hurry to fix this thing, and likely will issue an advisory with info on how to correct the problem rather than

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Oden Eriksson
On Friday, 6 June 2003 at 00.49, Vincent Danen wrote: On Thu Jun 05, 2003 at 09:57:20PM +0200, Oden Eriksson wrote: I found this the other day: http://archives.neohapsis.com/archives/bugtraq/2003-06/0027.html ..., and I thought I should share this info and a possible fix: --- php.ini

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Jean-Michel Dault
On Fri 06/06/2003 at 03:59, Oden Eriksson wrote: +disable_functions = phpinfo - anyone using phpinfo() and making it publicly accessible is insane Amen ;-) Of course, people dislike it when I introduce or suggest better security measures, so I suspect the consensus from people will

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Oden Eriksson
On Friday, 6 June 2003 at 15.03, Jean-Michel Dault wrote: On Fri 06/06/2003 at 03:59, Oden Eriksson wrote: +disable_functions = phpinfo - anyone using phpinfo() and making it publicly accessible is insane Amen ;-) Of course, people dislike it when I introduce or suggest better

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Buchan Milne
Oden Eriksson wrote: On Friday, 6 June 2003 at 15.03, Jean-Michel Dault wrote: Hmmm..., would it be possible to disable it globally and enable it for 127.0.0.1 only? Make it work only in CLI mode? One of the goals to be innovative for the next

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Vincent Danen
On Fri Jun 06, 2003 at 05:56:46PM +0200, Oden Eriksson wrote: In the meantime, I suggest we leave this function alone. Hmmm..., would it be possible to disable it globally and enable it for 127.0.0.1 only? Make it work only in CLI mode? I don't know if you can do this with PHP unless you

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Jean-Michel Dault
On Fri 06/06/2003 at 12:34, Vincent Danen wrote: In the meantime, I suggest we leave this function alone. Hmmm..., would it be possible to disable it globally and enable it for 127.0.0.1 only? Make it work only in CLI mode? One of the goals to be innovative for the next Mandrake

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Jean-Michel Dault
On Fri 06/06/2003 at 12:34, Vincent Danen wrote: Personally, I liked it. =) But some people do not approve of my proactive approach to security. I suppose they like the reactive approach better. Just see http://bugs.php.net/bug.php?id=24024, you'll see that the PHP creator himself marked

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Vincent Danen
On Fri Jun 06, 2003 at 01:37:23PM -0400, Jean-Michel Dault wrote: Personally, I liked it. =) But some people do not approve of my proactive approach to security. I suppose they like the reactive approach better. Why don't we disable /proc? It's pretty insecure... Why don't we patch pam

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Vincent Danen
On Fri Jun 06, 2003 at 01:45:29PM -0400, Jean-Michel Dault wrote: Personally, I liked it. =) But some people do not approve of my proactive approach to security. I suppose they like the reactive approach better. Just see http://bugs.php.net/bug.php?id=24024, you'll see that the PHP

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Adam Williamson
On Fri, 2003-06-06 at 19:26, Vincent Danen wrote: (again, personal opinion). I also don't really see the need for it because, as I indicated before, only stupid people would write a script to expose that information to the world. A good sysadmin would not do this. Coding security features

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Oden Eriksson
On Friday, 6 June 2003 at 20.26, Vincent Danen wrote: On Fri Jun 06, 2003 at 01:37:23PM -0400, Jean-Michel Dault wrote: Personally, I liked it. =) But some people do not approve of my proactive approach to security. I suppose they like the reactive approach better. Why don't we

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Vincent Danen
On Fri Jun 06, 2003 at 09:03:15PM +0200, Oden Eriksson wrote: Absolutely. But this is so inconsequential either way, it doesn't really matter to me. I indicated my own personal preference. I've already stated that this hack will not go into updates because changing a config arbitrarily

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Oden Eriksson
On Friday, 6 June 2003 at 21.27, Vincent Danen wrote: On Fri Jun 06, 2003 at 09:03:15PM +0200, Oden Eriksson wrote: Absolutely. But this is so inconsequential either way, it doesn't really matter to me. I indicated my own personal preference. I've already stated that this hack will not

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread bgmilne
On Friday, 6 June 2003 at 21.27, Vincent Danen wrote: I'm thinking more like the next release, possible ways to claim a more secure os. It's just a way of thinking..., maybe we could do this and get away with it, or maybe not. The usability will have to remain, but certain things would have

Re: [Cooker] Re: php.ini stuff...

2003-06-06 Thread Thibaut Fernagut
[SNIP] From my experience the php.ini rpm in 9.1 was kind of .. err .. sad. I once had to disable safe mode so a developer could use certain php things. Good trappist (a friend of mine from #mandrake) had a php.ini online that was cleaned out.. stripped. I've just had to copy his file
