[wp-hackers] xmlrpc.php's location
C. Rummel
rummel at gmail.com
Fri Sep 17 19:44:36 UTC 2004
On Fri, 17 Sep 2004 20:28:54 +0100, Mike Little <journalized at gmail.com> wrote:
> For instance, the last couple of PHP applications I have written have
> ended up with just two php files in the document root. Every other php
> file was included from an appropriate directory outside the document
> root. Incredibly safe when your hosting service accidentally turns off
> PHP parsing and apache delivers raw php source!
That is definitively the way to go, securitywise. Drawback is it makes
installation a lot more complicated. And not everybody has access to
directories outside of document root.
Chris
More information about the hackers
mailing list