[pmwiki-users] Moving PmWiki session out of /tmp
Thomas -Balu- Walter
list+pmwiki-users at b-a-l-u.de
Mon Nov 28 05:04:32 CST 2005
On Mon, Nov 28, 2005 at 09:39:21AM +0100, Joachim Durchholz wrote:
> Ben Wilson schrieb:
> >Now to see if somehow the hacker finds access
> >to that directory. :-)
>
> Disallow WWW access to that directory.
That won't help. If the attacker can include a remote file (aka
include('http://...');) then he can access any file the webserver can.
There are lots of examples for PHP based file browsers that enable to
walk through a webservers directory structure just like windows users do
in the Explorer.
Balu
More information about the pmwiki-users
mailing list