[pmwiki-users] pmwiki exploit

Joachim Durchholz jo at durchholz.org
Wed Sep 6 12:02:42 CDT 2006

Thomas -Balu- Walter schrieb:
> Life is a lot more difficult. I've worked on servers where .htaccess
> files were not allowed - IIS servers don't know them at all iirc.

There's a difference.

IIS doesn't have .htacces, but it should have an equivalent mechanism.

> Many providers even disallow the usage of ini_set(); because of
> "improved security".

I can see situations where this is a valid strategy.
Namely, if the customers are on the less knowledgeable side and more 
likely to tear open all kinds of security holes with ini_set than to 
close them, and if the shop doesn't have knowledge about other means of 
securing servers. (Securing a Linux server isn't easy. I've been working 
on a secure configuration for over a year now, and I'm still not satisfied.)


More information about the pmwiki-users mailing list