Stop exposing php_info() to the world?

OpenTechStrategies / lisc-ttm

LISC TTM code. See https://ttm.lisc-chicago.org/.

GNU Affero General Public License v3.0

1 stars 4 forks source link

Stop exposing php_info() to the world? #111

Open tsyesika opened 9 years ago

tsyesika commented 9 years ago

Currently we have https://ttm.lisc-chicago.org/test.php exposed and accessed by anyone. Whilst this page only really has binine data I'm not so sure it's good practice to tell everyone all the specific versions and server info.

I'm thinking this probably shouldn't be exposed?

kfogel commented 9 years ago

Agreed. What's standard way to hide it these days? Block it in the Apache config, or do it at the PHP level somehow? (E.g., by integrating it into the authn system...?)

I'm happy to do whatever the cool kids are doing.

cecilia-donnelly commented 9 years ago

Seconding Karl's agreement, @xray7224.