|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kevin Spett (kspett_at_spidynamics.com)
Date: Tue Jul 09 2002 - 22:40:11 CDT
Yes, I absolutely agree that with everyone that the optimal and correct
configuration is to make the include file:
a) outside of the webroot
b) of a file type that cannot be executed without being included by
another piece of code
c) forbidden from being directory returned to a client in any
circumstance
However, the inital question in this thread was not "what are the best
practices for include files in web applications". It was "in this specific
situation, can I exploit this?" Given the information in the initial post,
and that information alone, the answer was pretty much "no."
Kevin Spett
http://www.spidynamics.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]