|
From: | Dmitry Gutov |
Subject: | bug#39563: temp files |
Date: | Tue, 11 Feb 2020 17:15:10 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 |
On 11.02.2020 13:32, Pedro Moreira wrote:
Therefore the code in that file is exposed. If an attacker tries to access files like https://domain.com/index.php~ the server wont interpret that file as php and presents it as plain text exposing the source code.
Would it be better for the server to interpret it as PHP code and allow an arbitrary visitor to run whatever intermediary version of your code that's in the backup?
[Prev in Thread] | Current Thread | [Next in Thread] |