[pmwiki-users] index.php
H. Fox
haganfox at gmail.com
Thu Jul 21 16:21:34 CDT 2005
On 7/20/05, Benjamin Wilson <ameen at dausha.net> wrote:
> The less intrusive action is to provide sample-index.php. Although,
> having three ways of accessing pmwiki (e.g. pmwiki.php, index.php, and
> sample-index.php) presents a greater security threat, IMO. I mean, I
> only have one PHP script callable by the browser.
Wondering: If they're are all equivalent, what security risk does it introduce?
There's definitely risk from the renaming approach. If you forget the
extra step of copying pmwiki.php to index.php when you upgrade you'll
have security risk from (1) not getting the new version's security
fixes, and (2) version mixing.
Hagan
More information about the pmwiki-users
mailing list