[pmwiki-users] pmwiki exploit
Joachim Durchholz
jo at durchholz.org
Wed Sep 6 12:02:42 CDT 2006
Thomas -Balu- Walter schrieb:
> Life is a lot more difficult. I've worked on servers where .htaccess
> files were not allowed - IIS servers don't know them at all iirc.
There's a difference.
IIS doesn't have .htacces, but it should have an equivalent mechanism.
> Many providers even disallow the usage of ini_set(); because of
> "improved security".
I can see situations where this is a valid strategy.
Namely, if the customers are on the less knowledgeable side and more
likely to tear open all kinds of security holes with ini_set than to
close them, and if the shop doesn't have knowledge about other means of
securing servers. (Securing a Linux server isn't easy. I've been working
on a secure configuration for over a year now, and I'm still not satisfied.)
Regards,
Jo
More information about the pmwiki-users
mailing list