Re: DotClear Full Path Disclosure Vulnerability
Of course, there are multiple ways to secure software after their setup,
provided you know a minimum about computer security.
But I think many people just do the default setup the easy way via the
setup wizard.
That's why I believe the developers should take great care securing
their software by default.
Well the ideal situation for incuding files is when your root is not
yout webroot.
But if you dont have this you can make a workaround by placing every php
file that is not directy called (but included) into a folder and place
in it an .htaccess file with a deny from all command so it would not be
accesible from anyone through a browser.