<<< Date Index >>>     <<< Thread Index >>>

Re: DotClear Full Path Disclosure Vulnerability



Of course, there are multiple ways to secure software after their setup, provided you know a minimum about computer security.

But I think many people just do the default setup the easy way via the setup wizard.

That's why I believe the developers should take great care securing their software by default.

Well the ideal situation for incuding files is when your root is not yout webroot. But if you dont have this you can make a workaround by placing every php file that is not directy called (but included) into a folder and place in it an .htaccess file with a deny from all command so it would not be accesible from anyone through a browser.