On Sun, 28 Nov 2004, Andi McLean wrote:
> Does anyone know about the easter eggs in PHP?
> I've just found out about them, My trust in PHP has just had a major set back,
> as I'm wondering what other easter eggs there are and can any be used to
> circumenvent the protection I have on my site.
> I feel like I now need to have a look at the source code, to find out what
> else is there.

Note that the configuration file is the only thing you should look at. This is
what you could see in the default (as well as in the recomended) php.ini:

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = On

The point is that it is by no means hidden or explained only in a fine print in
some obscure place (e.g, only as a comment in source code) -- in contrary it is
explained in the place which you (as an administrator) simply can't avoid
reading if you configure php at all.

--
Regards,
ASK

[ reply ]

On Sun, 28 Nov 2004, Andi McLean wrote:<br/>
> Does anyone know about the easter eggs in PHP?<br/>
> I've just found out about them, My trust in PHP has just had a major set back,<br/>
> as I'm wondering what other easter eggs there are and can any be used to<br/>
> circumenvent the protection I have on my site.<br/>
> I feel like I now need to have a look at the source code, to find out what<br/>
> else is there.<br/>
<br/>
Note that the configuration file is the only thing you should look at. This is<br/>
what you could see in the default (as well as in the recomended) php.ini:<br/>
<br/>
; Decides whether PHP may expose the fact that it is installed on the server<br/>
; (e.g. by adding its signature to the Web server header). It is no security<br/>
; threat in any way, but it makes it possible to determine whether you use PHP<br/>
; on your server or not.<br/>
expose_php = On<br/>
<br/>
The point is that it is by no means hidden or explained only in a fine print in<br/>
some obscure place (e.g, only as a comment in source code) -- in contrary it is<br/>
explained in the place which you (as an administrator) simply can't avoid<br/>
reading if you configure php at all.<br/>
<br/>
-- <br/>
Regards,<br/>
ASK

[ reply ]