User edit bug - community.ez.no

0 like
Like it!

Monday 19 May 2003 8:03:52 am - 1 reply

1 reply

Author	Message
Jo Henrik Endrerud	Tuesday 20 May 2003 10:14:04 am A virtual host setup is usually more secure than a non virtual host setup. This is because you can use Apache's rewrite rules. If you are running a non virtual host setup, you should make sure that all your site.ini.append (and other .append files) are renamed to site.ini.append.php and place everything in these files inside PHP comments. ex: <?php /* [my block] myvariable=3 */ ?> This will help if people get a way to access these files directly (then they will be parsed in the PHP module and all comments are stripped, so the file will be empty for the user). You should also use the wash() function wherever appropriate. Check the template section on http://ez.no/sdk for more information about this Jo Henrik Endrerud \| System Developer @ Seeds Consulting \| http://www.seeds.no

Author

Message

Tuesday 20 May 2003 10:14:04 am

A virtual host setup is usually more secure than a non virtual host setup. This is because you can use Apache's rewrite rules.
If you are running a non virtual host setup, you should make sure that all your site.ini.append (and other .append files) are renamed to site.ini.append.php and place everything in these files inside PHP comments.

ex:

<?php
/*
[my block]
myvariable=3
*/
?>

This will help if people get a way to access these files directly (then they will be parsed in the PHP module and all comments are stripped, so the file will be empty for the user).

You should also use the wash() function wherever appropriate. Check the template section on http://ez.no/sdk for more information about this

Jo Henrik Endrerud | System Developer @ Seeds Consulting | http://www.seeds.no

You must be logged in to post messages in this topic!