[prev in list] [next in list] [prev in thread] [next in thread] 

List:       phpauction
Subject:    [PHPAUCTION] for security
From:       moeru () pileup ! com (moeru)
Date:       2000-03-23 11:50:14
[Download RAW message or body]


Hello all.

I'm very interested in this project.
I'll make some little addon programs and upload it when PHPAUCTION is run at my site.

I changed config.inc for security reason.
Current version of PHPAUCTION is crackable.
Already known this?

I can't understand how to use CVS yet.
So I post a little info as follows.


1, Move /includes/ directory without web publishing diorectory.

$pass_dir               = "/var/www/PHPAUCTION/phpauction/includes/"; 
$include_dir        = "/var/www/PHPAUCTION/phpauction/includes/";

move to like this
$pass_dir               = "/home/user/phpauction/includes/"; 
$include_dir        = "/home/user/phpauction/includes/";


2, Don't use login.php3

  /admin/login.php3

And Password Protect /admin/ diretory(Use htpasswd)


Moeru
--PHPAUCTION MAILING LIST

[prev in list] [next in list] [prev in thread] [next in thread]