Php.info and Security Issues

joe123 · September 08, 2007, 05:41:49 AM

Is there a way to turn off php.info? I think, correct me if I am wrong, that having it on is a security risk for any SMF site.
Joe

!Hachi! · September 08, 2007, 06:49:02 AM

if you upload by yourself you can remove it.i will like to read your above claim about RISK for SMF sites.

Dragooon · September 08, 2007, 06:50:53 AM

How can this be a security risk?

joe123 · September 08, 2007, 11:53:41 AM

Well, having so much info available to the public is not good, I may be wrong. What if a bug is found is mysql ver 1.2.3 and anyone can corrupt the db by doing x,yz.
Knowing that you have mysql 1.2.3 through php.info would give me the advantage of knowing that.

codenaught · October 06, 2007, 03:34:38 PM

Can't you just delete your phpinfo file from your server then?

Or have the file password protected or load SSI.php in it and include an admin check for your SMF.

If I am misunderstanding you, please correct me!

K0H_K1u · October 06, 2007, 03:57:13 PM

Ok who ever told you it is a sec risk is a idiot. End of story.

News:

Php.info and Security Issues

joe123

!Hachi!

Dragooon

joe123

codenaught

K0H_K1u