[pmwiki-users] pmwiki exploit

Thomas -Balu- Walter list+pmwiki-users at b-a-l-u.de
Wed Sep 6 07:05:23 CDT 2006


On Wed, Sep 06, 2006 at 05:38:09PM +0530, V.Krishn wrote:
> > There are still a lot of applications that need to have this on. So most
> > providers enable it...
> I guess so, but I think the best way would be each application has its 
> required settings in their own .htaccess at its root folder. I might be 
> mistaken,  or is it that the server is still at risk if only one application 
> is secured?

Life is a lot more difficult. I've worked on servers where .htaccess
files were not allowed - IIS servers don't know them at all iirc. Many
providers even disallow the usage of ini_set(); because of "improved security".

     Balu




More information about the pmwiki-users mailing list