This presumes you are putting fortress and the fortress DB in your root directory. There are several reasons why you might NOT want to do this-- you (1) want to password protect the entire directory that the database file is in (2) want it in some arbitrary, non-guessable directory, or (2) don't want it accessible at all from the web.
There are a few fixes for this, but I'll leave it up to you to come up with your own.
Bug #2:
Line ~512 or so...
Code:
function Alligators($Food) {
die("Banned by $Food"); }
$Food is defined as row #8 of the record pulled from the database. Unfortunately, when I just hit my own site with a test exploit, row #8 comes up blank. So I get a message:
Quote:
Banned by
with nothing after it. Using Safari/OS X for what it's worth. A solution might be to put something like this at the top of the function:
Code:
if (!isset($Food) {$Food=" me, you person.";}
Oh, one last thought-- a tip on making apache be able to write to the csv and htm files-- make the directory world-writable. As it turns out, this was necessary for me. This was really the reason I put those files in a subdirectory-- I don't want apache writing to the same directory all the other crap is in.
Just thought I'd pass along the love. Nice work on this so far. Hope comma seperated flat files don't slow page loads too much...
W
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Tue Jun 08, 2004 4:15 am
Thanks for the tip, and that is a nice idea... if it can't pull it, just default it. TY
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
