Try deleting all the .PWL files in C:\WINDOWS. These are called Password List files. If someone (or you) entered a USERNAME and no password at the logon prompt at some point, they were asked if this should be a default logon from then on. If they answered yes, they'll never see the logon prompt...
Hi Asdigwe,
That will only protect against remote Web users, not other users on the system. The .htaccess files only protect against remote Web users, so a user on the system could still easily access the include files.
-Jamie
Rycamor, I think that's the best idea we've heard; the only possible difficulty is that it would require the cooperation of the mysql admin, which in a shared-co-hosted situation (that is what we're talking about, right?) might be tough.
Another possibility is to just not ever store the credit...
The way I see it, if you have big concerns about this, you can do the following:
1) Get your own server and tightly control user-level access to it. Most of these cracks take advantage of user or nobody-level access.
2) Buy and use the encoder.
3) Build and run your own Apache daemon as a...
I agree -- the encoder is the way to go.
One thing about your solution, rycamor, is that assuming someone had the ability to write a php script on the server (and I think that's what we're talking about -- other users on the same server) they could merely write a php script to read any file in...
I think this is a good question and a good idea and hadn't occurred to me until you brought it up. A possible vulnerability is that if you host your site on an ISP's server, they're probably running mod_php and not the CGI version because it's faster. (That's the short version.) However, your...