BugTraq
Back to list
|
Post reply
Re: PHP Advanced Transfer Manager Download users password hashes
Jun 13 2006 01:26PM
jn hz6 de
The phpatm support forum (currently down) advises administrators to put a .htaccess into the users directory with the following content:
# no one gets in here!
order allow,deny
deny from all
Furthermore the website recommends to rename the "users" directory and change the corresponding variable in the config-file.
These two things done, it is no longer possible to download the hashes.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
# no one gets in here!
order allow,deny
deny from all
Furthermore the website recommends to rename the "users" directory and change the corresponding variable in the config-file.
These two things done, it is no longer possible to download the hashes.
[ reply ]