Quote:
Originally posted by goBigtime
This is almost a good suggestion for any canned script -- if you can, always go through and change log file names, admin cgi names.... basically any and every file if you can.
This way, if the script becomes popular or, worse, a vulnerability in the script becomes known, then it will be harder for people to realize what you're running and/or find your weak files.
Of course, if you really know what you're doing, you could just set up mod_rewrite to handle people requesting files they shouldn't be.
I don't hard-code any file names/options/paths/script names into any of my scripts for that reason. Everything down to the HTML files the script uses to display the control panel is completely customizable in any of my programs.
Programmers should keep that kind of thing in mind. If your script forces the user to do something in a certain way and it later turns out that there is a vulnerability in that process, that vulnerability can burn all of your clients.
SpaceAce