Apache leaks sensitive info in PHP phpinfo() calls
Stijn Hoop
stijn at win.tue.nl
Thu Nov 13 04:40:09 PST 2003
On Thu, Nov 13, 2003 at 10:26:19AM +0000, Jez Hancock wrote:
> I wanted to get some opinions on this subject before I submit a PR about
> it. I don't know if there are any pitfalls with the 'fix' I suggested
> and though it best to run it past people here before submitting. If
> there's a better place to post this please let me know (freebsd-ports?).
FWIW, I have been doing a variation on this for a long time, no ill effects.
I also think it is unwise to propagate every environment variable, but the
solution should be implemented by the Apache people I think.
Just a quick 'me too',
--Stijn
--
This sentence contradicts itself -- no actually it doesn't.
-- Hofstadter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20031113/6e86d2db/attachment.bin
More information about the freebsd-security
mailing list