Topic: phpinfo() should gracefully decline

textdrive's servers - and some others - by default will not allow the display of phpinfo().

should there be an if/then in

    admin_index.php?action=phpinfo

that says 'phpinfo is not allowed on this machine'?

Re: phpinfo() should gracefully decline

as it is, nothing is displayed at all - blank

Re: phpinfo() should gracefully decline

What does the following script output:

    <?php
    echo (string)@ini_get('disable_functions');
    ?>

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: phpinfo() should gracefully decline

Fix.

Re: phpinfo() should gracefully decline

excellent.
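
One way to make the phpinfo action decline gracefully, as an added example that is not the forum software's own code or the fix mentioned above. The function names `is_listed_as_disabled`, `phpinfo_available` and `render_phpinfo_action` are hypothetical, and the sample `disable_functions` values are constructed.

```php
<?php
// Added example: hypothetical helper names, not the forum software's code.

/**
 * Return true if $function is named in a disable_functions-style list.
 * The list is comma-separated; entries may carry whitespace and any case.
 */
function is_listed_as_disabled(string $function, string $disabled_list): bool
{
    $entries = array_map('trim', explode(',', strtolower($disabled_list)));
    return in_array(strtolower($function), $entries, true);
}

/**
 * Decide whether phpinfo() can be called on this host.
 * PHP 8+ treats disabled functions as undefined, so function_exists() is
 * false there; the ini list is checked too for versions that keep the name.
 */
function phpinfo_available(): bool
{
    $disabled = (string) @ini_get('disable_functions');
    return function_exists('phpinfo')
        && !is_listed_as_disabled('phpinfo', $disabled);
}

/** Body for the admin phpinfo action: the real output, or a readable refusal. */
function render_phpinfo_action(): string
{
    if (!phpinfo_available()) {
        return 'phpinfo() is not allowed on this machine.';
    }
    ob_start();          // capture the output instead of sending it directly
    phpinfo();
    return (string) ob_get_clean();
}

// Constructed sample values of disable_functions, checked without editing php.ini.
// 'phpinfo_extra' is a made-up name showing that only exact entries match.
$samples = ['', 'exec,passthru', 'exec, PHPINFO ,system', 'phpinfo_extra'];
foreach ($samples as $list) {
    printf("%-26s => %s\n", var_export($list, true),
        is_listed_as_disabled('phpinfo', $list) ? 'decline' : 'show');
}
```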

Re: phpinfo() should gracefully decline

just on the subject of phpinfo(), are there any security risks in showing it? it's shown on mypunbb.com, i'm wondering if it would be worth turning it off

Re: phpinfo() should gracefully decline

if people aren't using the server for development, which in your case, is probably true...

it's a good habit to turn it off. there's lots of information there that doesn't NEED to be broadcast.

in and of itself, it's not a security risk.  if however, someone looking for a hole can confirm something using what they read from phpinfo(), then, perhaps.


i find it helpful on a development machine and extra on a production server.

Re: phpinfo() should gracefully decline

i suppose it's a good way of looking for stuff that's enabled for you to exploit