Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fwd: PHP Easter Eggs

from [Alexander Klimov] Network Security [Permanent Link]
Subject: Re: Fwd: PHP Easter Eggs
Date: Mon, 29 Nov 2004 22:54:45 +0200 (IST) 
On Sun, 28 Nov 2004, Andi McLean wrote:

Does anyone know about the easter eggs in PHP?
I've just found out about them, My trust in PHP has just had a major set back,
as I'm wondering what other easter eggs there are and can any be used to
circumenvent the protection I have on my site.
I feel like I now need to have a look at the source code, to find out what
else is there.


Note that the configuration file is the only thing you should look at. This is
what you could see in the default (as well as in the recomended) php.ini:

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = On

The point is that it is by no means hidden or explained only in a fine print in
some obscure place (e.g, only as a comment in source code) -- in contrary it is
explained in the place which you (as an administrator)  simply can't avoid
reading if you configure php at all.

-- 
Regards,
ASK
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Article - A solution to phishing, focus
Next by Date:  Re: Article - A solution to phishing, Michael Silk
Previous by Thread:  Re: PHP Easter Eggs, Serban Gh. Ghita
Next by Thread:  RE: PHP Easter Eggs, Krul Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]