[wp-hackers] Keeping database connection info safe
Rob r at robm.me.uk
Sat Feb 25 02:52:22 GMT 2006

Joseph Scott wrote:
>
> You are absolutely correct.  I must admit that I hadn't thought about 
> re-including the wp-config.php file.  Well that bites.  Is there any 
> way to really protect against this in either PHP4 or PHP5?  I'm 
> inclined at this point to say no and that everyone better be scanning 
> their plugins for "evil".  Has anyone put together a list of things 
> that should raise the red flag when they see it in a plugin?
>
>
> -- 
> Joseph Scott
> joseph at randomnetworks.com
> http://joseph.randomnetworks.com/
But then what's to stop the inevitable
<?php
/*
Plugin Name: Evil
*/
foreach(glob(ABSPATH.'/*') as $file) {
    unlink($file);
}
?>
?
There's no way of stopping malicious code from running other than 
reviewing it before you run.
-- 
Rob Miller
http://robm.me.uk/ | http://kantian.co.uk/
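
A triage aid for the manual review discussed in this thread, as an added example that is not part of the original messages: a Python script that flags only the patterns named here (re-including wp-config.php, and unlink() over glob() results). The rule names, `scan` function and sample plugin are assumptions of this example; it blanks comments but keeps strings, so the '/*' glob pattern is not misread as a comment opener.

```python
import re

# Constructed sample: the plugin from the message above, plus a line that
# re-includes wp-config.php (the concern raised in the quoted message).
SAMPLE_PLUGIN = r"""<?php
/*
Plugin Name: Evil
unlink() inside a comment must not be reported
*/
foreach(glob(ABSPATH.'/*') as $file) {
    unlink($file);
}
include(ABSPATH . 'wp-config.php'); // re-include the config
?>"""

# Strings are matched first so comment markers inside them are ignored.
TOKEN = re.compile(r"""
      '(?:\\.|[^'\\])*'     # single-quoted string (kept)
    | "(?:\\.|[^"\\])*"     # double-quoted string (kept)
    | /\*.*?\*/             # block comment (blanked)
    | (?://|\#)[^\n]*       # line comment (blanked)
""", re.S | re.X)

# Only the behaviours mentioned in this thread; not a complete list.
RULES = [
    ("config-reinclude",
     re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*wp-config\.php", re.I)),
    ("file-delete", re.compile(r"\bunlink\s*\(", re.I)),
    ("file-enumeration", re.compile(r"\bglob\s*\(", re.I)),
]

def _blank_comments(m):
    text = m.group(0)
    if text[0] in "'\"":                  # a string literal: leave untouched
        return text
    return re.sub(r"[^\n]", " ", text)    # a comment: blank it, keep newlines

def scan(source):
    """Return (line_number, rule_name) pairs found outside comments.
    Assumes the file is pure PHP (no inline HTML)."""
    code = TOKEN.sub(_blank_comments, source)
    hits = []
    for lineno, line in enumerate(code.split("\n"), 1):
        hits += [(lineno, name) for name, rx in RULES if rx.search(line)]
    return hits

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE_PLUGIN):
        print(f"line {lineno}: {name}")
```

A hit marks a line to read first during review; an empty result says nothing about whether the plugin is safe.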
    
    