RE: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)

2004-08-12 Thread Aditya, ALD [Aditya Lalit Deshmukh]
> HTML file is a PHP, or an .index.php.swp is found, values like DB
> usernames/passwords, security mechanism or worse might be revealed to the
> user requesting the file.
>
> What can you do?
> There isn't much you can do besides:
> 1) Avoid leaving these files behind
> 2) Make rules in Apache/

Re: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)

2004-08-12 Thread michael williamson
Here's another thing: Don't put your db usernames/passwords in any file that is accessible from the web. (they don't have to be) If some other bonehead admin happens to replace your http.conf with a generic one, you don't want all your blocked files showing up automagically. Secondly, be aware

Re: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)

2004-08-12 Thread Nicob
On Thu 12/08/2004 at 08:45, [EMAIL PROTECTED] wrote:
> There isn't much you can do besides:
> 1) Avoid leaving these files behind
> 2) Make rules in Apache/whatever to block access to .swp, ~, etc files.

The babelweb scanner [1] is already looking for backup files under the webroot. Tested exten

Re: [Full-Disclosure] Temporary Files and Web Sites (swp, ~, etc)

2004-08-12 Thread Marek Isalski
>>> <[EMAIL PROTECTED]> 12/08/2004 07:45:20 >>>
> In case where the
> HTML file is a PHP, or an .index.php.swp is found, values like DB
> usernames/passwords, security mechanism or worse might be revealed to the
> user requesting the file.
> What can you do?
> There isn't much you can do besid