what could be the best way to disable symlink attack
1: i usedisable_functions= symlink,ln at php.ini
2: at .htaccess i disable it as follow with minus sign(-)
Options -FollowSymLinks
Options -SymLinksIfOwnerMatch
is my workings okay. or they are other work round
thank you
Mutago,
In order to suffer from a symlink attack, the user would need shell access to your server.
Do you have users on your server that you fear might try to symlink attack you? If so, that is the bigger problem here.
;-)
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.