[drupal-support] Multi-site's gaping security hole
Steve Dondley
sdondley at dondley.com
Tue Oct 25 12:52:24 UTC 2005
On a multi-site set up, it's a trivial matter for someone to create a
node with some PHP code that takes a peak at another site's
settings.php file. Example:
<?php
$file = file ( 'sites/example.com/settings.php' );
foreach ($file as $key => $line) {
print $line;
print "<br />";
}
?>
What's the best practice for eliminating this problem?
--
Dondley Communications
http://www.dondleycommunications.com
Communicate or Die: American Labor Unions and the Internet
http://www.communicateordie.com
More information about the drupal-support
mailing list