Reply to Re: phpinfo() page on live site


Posted by C. on 09/24/07 20:42

On 24 Sep, 21:36, KDawg44 <KDaw...@gmail.com> wrote:
> Hello,
>
> I recently took over a site for a client and the original developer
> has a phpinfo.php page. I can see how this is interesting during
> development on a dev site, but it seems like giving a lot of
> information to the world to have it on the live site.
>
> My question, am I overreacting or is this as dumb a move as I feel it
> is?
>
> Thanks.

AIR phpinfo() allows JavaScript injection which means someone could
abuse the link to steal cookies and hijack a session.

The information it exposes is only really a problem if there are known
(to the attacker, at least) issues in the version of software you are
using, but IME most attackers don't bother looking first before
throwing all their attacks at your box.

HTH

C.
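
A pre-deployment check for the situation discussed in this thread, as an added example that is not part of the original posts: it walks a web root and reports every PHP file that calls phpinfo(), so leftover diagnostic pages can be removed before the site goes live. The extension list and the function names `find_calls` and `scan_tree` are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Extensions assumed to be handled by PHP; adjust to the server's handler mapping.
PHP_EXTENSIONS = {".php", ".phtml", ".inc"}

# Code between <? / <?php / <?= and ?> (or end of file); markup outside is ignored.
_PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)

# Comments and string literals are consumed first, so a phpinfo( inside them is
# never reported; heredocs are not parsed and may produce a false positive.
_TOKEN = re.compile(
    r"""
      (?P<skip> /\*.*?\*/              # block comment
              | (?://|\#)[^\n]*        # line comment
              | '(?:\\.|[^'\\])*'      # single-quoted string
              | "(?:\\.|[^"\\])*"      # double-quoted string
      )
    | (?P<call> (?<![\w$>:]) phpinfo \s* \( )   # not $var(), ->method(), Class::m()
    """,
    re.VERBOSE | re.DOTALL | re.IGNORECASE,
)


def find_calls(source):
    """Return the 1-based line numbers of phpinfo() calls in PHP source text."""
    lines = []
    for block in _PHP_BLOCK.finditer(source):
        for tok in _TOKEN.finditer(block.group(1)):
            if tok.group("call"):
                offset = block.start(1) + tok.start("call")
                lines.append(source.count("\n", 0, offset) + 1)
    return lines


def scan_tree(docroot):
    """Walk docroot and return sorted (relative_path, line) pairs for each call."""
    root = Path(docroot)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits += [(path.relative_to(root).as_posix(), n) for n in find_calls(text)]
    return sorted(hits)


if __name__ == "__main__":
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, line in found:
        print(f"{rel}:{line}: phpinfo() call")
    sys.exit(1 if found else 0)
```

Run against the document root as a deploy step; the non-zero exit status when a call is found lets a build script stop the release.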


