logo       
Google Custom Search
    AddThis Social Bookmark Button
<prev   next>
-->

Multi-site's gaping security hole: msg#00109

Subject: Multi-site's gaping security hole 
On a multi-site set up, it's a trivial matter for someone to create a
node with some PHP code that takes a peak at another site's
settings.php file.  Example:

<?php

$file = file ( 'sites/example.com/settings.php' );

foreach ($file as $key => $line) {
 print $line;
 print "<br />";
}

?>

What's the best practice for eliminating this problem?


--
Dondley Communications
http://www.dondleycommunications.com

Communicate or Die: American Labor Unions and the Internet
http://www.communicateordie.com
--
[ Drupal support list | http://lists.drupal.org/ ]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Imnvite module limits, Larry
Next by Date:  Re: Multi-site's gaping security hole, Gerhard Killesreiter
Previous by Thread:  Imnvite module limits, Larry
Next by Thread:  Re: Multi-site's gaping security hole, Gerhard Killesreiter
Indexes:  [Date] [Thread] [Top] [All Lists]

    ^^^ ADDITIONAL NAVIGATION ^^^

  
Google Custom Search

Recently Viewed:
mail.spam.rbl.s...    php.seagull.gen...    culture.religio...    qnx.openqnx.dev...    gnome.love/2006...    bug-tracking.re...    user-groups.lin...    yellowdog.gener...    handhelds.ipaq....    kde.announce/20...    java.mx4j.devel...    xfree86.expert/...    recreation.cars...    text.xml.expat....    web.zope.zope3/...    version-control...    db.carob.cvs/20...    freebsd.perform...    ecos.cvs/2003-0...    linux.hotplug.d...    systemtap/2006-...    os.freebsd.secu...   
Home | blog view | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo