Recently while trying to broaden my horizons I started to learn php, after writing the basic hello world app and a basic script to query a mysql database I stumbled across phpmyadmin. I had trouble getting it configured correctly for the raq server that my site is on. I wrote a quick script with phpinfo() to get the information I needed. What does phpinfo() tell you...from the phpmanual.......
"Outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License"
I did a search on google for phpinfo and was amazed to find hundreds of websites that freely divulge this information. Go try it yourself. At the very least and scripts that contain phpinfo should be in a protected directory. Don't know how to protect a directory take a look at this tut http://faq.clever.net/htaccess.htm
I am no security guru and all the information that phpinfo dumps may be able to obtained through the use of various tools or methods but having all that information in one place sure gives the kiddies a head start.
In summary if you use phpinfo for configuration or debugging make sure you put it into a protected directory.
Yeah, I started learning PHP at the start of the week, because I found a free host which supports PHP among other stuff Hyperlinx and I'm a sucker for freebies.
I went to http://php.resourceindex.com and most (if not all) of their scripts have a "create a file and put it on the server" or some sort of logging feature. With the "create-a-file"-majigs, there is no file size limit so if you just make a really long file, you can use up the entire memory quota!
Now, I was wondering if there is some sort of patch, which can set a maximum file limit on each file. I don't want to change the scripts themselves, mainly in case I break something or do something stupid.
Just thought I'd ask, thanks.