[wp-hackers] Keeping database connection info safe
Joseph Scott
joseph at randomnetworks.com
Sat Feb 25 03:44:00 GMT 2006
Rob wrote:
>
> But then what's to stop the inevitable
>
> <?php
> /*
> Plugin Name: Evil
> */
>
> foreach(glob(ABSPATH.'/*') as $file) {
> unlink($file);
> }
>
> ?>
>
> There's no way of stopping malicious code from running other than
> reviewing it before you run.
Properly set permissions should stop that from working. The plugin
would be run as the web server user, who doesn't need write permissions
in order to run PHP code.
--
Joseph Scott
joseph at randomnetworks.com
http://joseph.randomnetworks.com/
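
An added example (not part of the original message): a shell audit of the permission point made above, listing the paths under a WordPress tree that a given web server account could modify or delete. The function names, the constructed sample tree and the numeric uid argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. WEB_UID (the account PHP runs as)
# is a value you supply; a numeric uid or a user name both work with find.

# unlink() needs write permission on the *directory* holding a file,
# so writable directories matter at least as much as writable files.
audit_web_writable() {
    root=$1
    web_uid=$2
    # Reported: (a) owned by the web account with the owner-write bit set,
    #           (b) world-writable by mode bits.
    # Group write is not checked; add "-group G -perm -0020" if the web
    # account shares a group with the file owner.
    find "$root" \( \( -user "$web_uid" -perm -0200 \) -o -perm -0002 \) \
        ! -type l -print | sort
}

# Number of findings, for use in a cron job or deployment check.
count_web_writable() {
    audit_web_writable "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample tree (not a real install): files owned by the
# deploying user, with one deliberately world-writable directory.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/plugins" "$t/wp-content/uploads"
    : > "$t/wp-config.php"
    : > "$t/index.php"
    : > "$t/wp-content/plugins/evil.php"
    chmod 755 "$t" "$t/wp-content" "$t/wp-content/plugins"
    chmod 644 "$t/index.php" "$t/wp-content/plugins/evil.php"
    chmod 640 "$t/wp-config.php"
    chmod 777 "$t/wp-content/uploads"   # the one weak spot
    printf '%s\n' "$t"
}

# Demo run: audit the sample tree for a uid that owns none of it.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_web_writable "$tree" "$(( $(id -u) + 1 ))"
    rm -rf "$tree"
fi
```

When the web account is also the file owner, every path is reported; when it is a separate account, only the world-writable directory is.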