Tom Z. Meinlschmidt wrote: > Hi, > > I've experienced a lot of attacks in my hosting server due to silly users and > their scripts with holes. So I prepared this little patch to 4.3.10, which > disables using url wrappers in include/include_once/require/require_once > statemens (switchable in php.ini). See readme.security from patch > > patch is there: > > http://orin.meinlschmidt.org/~znouza/php_patch.txt > > comments are welcome > > /tom > http://php.net/manual/en/ini.php#ini.list allow_url_fopen = 0 -- Teach a man to fish... NEW? | http://www.catb.org/~esr/faqs/smart-questions.html STFA | http://marc.theaimsgroup.com/?l=php-general&w=2 STFM | http://php.net/manual/en/index.php STFW | http://www.google.com/search?q=php LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
Attachment:
signature.asc
Description: OpenPGP digital signature
