On Jan 5, 2008 11:20 AM, Afan Pasalic <afan@xxxxxxxx> wrote: > That was my thought too, but, when I create new folder - it will > automatically create php.ini inside and there is no point of deleting them. > > HOW insecure it is? Because, since you know there is php.ini you can > easy open every of them (http://mydomain.com/gallery/images/php.ini) and > look. Isn't is vulnerable point? Using .htaccess you can disallow viewing of the file. If you use phpinfo(); anywhere in your site, that actually divulges more information, because that will disclose the availability and configuration of external modules, users on the server, path information, and more. -- Daniel P. Brown [Phone Numbers Go Here!] [They're Hidden From View!] If at first you don't succeed, stick to what you know best so that you can make enough money to pay someone else to do it for you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
