[drupal-support] Multi-site's gaping security hole

25 Oct 2005


      On a multi-site set up, it's a trivial matter for someone to create a
node with some PHP code that takes a peak at another site's
settings.php file.  Example:
<?php
$file = file ( 'sites/example.com/settings.php' );
foreach ($file as $key => $line) {
 print $line;
 print "<br />";
}
?>
What's the best practice for eliminating this problem?
--
Dondley Communications
http://www.dondleycommunications.com
Communicate or Die: American Labor Unions and the Internet
http://www.communicateordie.com

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[drupal-support] Multi-site's gaping security hole