PHP Security Tip #15
As developers, most of us are very messy. I’ve worked on countless projects and at each either run across or left a trail of diagnostic files laying around. (info.php, test.php, doMe.php, etc.) These tiles, if found by someone with nefarious intent, can leak valuable information about your system.
Today’s Security tip is:
Don’t forget to purge temporary system diagnostic files.
It would be a shame to spend all that time securing your application only to leave info.php or worse yet, a “quick piece of code” in test.php that could potentially leak dangerous information about your system. Don’t help the ad guys any more than you have to.
=C=
p.s. Got a security tip? Post it! If it’s good enough we’ll share it with everybody else. Just log-in and click the contribute link in the upper right corner.
Comments
A simple line like this would do: "Deny from all"
Andrie:
Good point. Thanks for posting.
pmuellr:
Being an ad guy myself these days, my only comment is to say that it may have been a typo but it’s still valid advice. :) Thanks for posting.
=C=
http://www.google.com/search?q=phpinfo
That's a very simple solution and it bears the danger that, should php parsing fail for any reason, all the content will be displayed.