[pmwiki-users] pmwiki exploit
Thomas -Balu- Walter
list+pmwiki-users at b-a-l-u.de
Wed Sep 6 07:05:23 CDT 2006
On Wed, Sep 06, 2006 at 05:38:09PM +0530, V.Krishn wrote:
> > There are still a lot of applications that need to have this on. So most
> > providers enable it...
> I guess so, but I think the best way would be each application has its
> required settings in their own .htaccess at its root folder. I might be
> mistaken, or is it that the server is still at risk if only one application
> is secured?
Life is a lot more difficult. I've worked on servers where .htaccess
files were not allowed - IIS servers don't know them at all iirc. Many
providers even disallow the usage of ini_set(); because of "improved security".
More information about the pmwiki-users