Re: PHPInfo disabled due to security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 15, 2010 at 09:57, Paul S <paul.s@xxxxxxxxxxxx> wrote:
>
> Warning: phpinfo() has been disabled for security reasons in
> /home/.../php/phpinfo.php on line 2
>
> My ISP has disabled phpinfo and has not answered my tech requests on this
> for over a month.
>
> They seem to never have a thing to do but play games with silly security
> "issues".

    Well, phpinfo() does, by default, divulge some things that could
be considered security concerns --- particularly in poorly-managed
environments.  Primarily, this is by giving a synopsis of versions and
paths of software, but some versions and configurations will also
broadcast information about the currently logged-in user (PTS/TTY) in
the $_ENV display.  Sure, you can display everything manually that
phpinfo() does automatically, but it's easier for some to vilify
something because they heard it was bad than to actually address the
greater issues.

> In a day some phone calls are going to be made. I need some help.
>
> What brief arguments should I be giving to get this changed?

    In cases like this, I'd agree with Al's response; there are plenty
of other web hosts out there.




    (My own signature is not intended as a form of advertisement in
this case, mind you.... it's simply the default.  ;-P)

-- 
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux