[Phpmyadmin-devel] Re: [Phpmyadmin-users] bugs recently published on securityfocusare true?
Michal Cihar
nijel at users.sourceforge.net
Wed Jun 18 13:24:03 CEST 2003
On Wednesday 18 of June 2003 22:14, Garvin Hicking wrote:
> Regarding the directory disclore issue: The author means that PHP will
> print out the 'missing variable in file /ddd/xxx/eee/bla.php' and thereby
> showing the path. I guess we can only hide that part by pointing out to not
> letting PHP print out errors on a webpage in production environments. On
> our side, we can only reduce the PHP error output, I guess?
We should avoid any php error message, and end with our error when something
needed is not defined (eg. db/table...)
--
Regards
Michal Cihar
nijel at users dot sourceforge dot net
http://cihar.liten.cz
More information about the Developers
mailing list