0000206: [security bug] bad style of programming

ID	Project	Category	View Status	Date Submitted	Last Update

0000206	Main CAcert Website	source code	public	2006-04-16 10:51	2013-11-20 22:23

Reporter	blshkv	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Fixed in Version	2006

Summary	0000206: [security bug] bad style of programming
Description	Don't rely on configuration of a web server. It's bad idea to keep sensitive include files within webroot directory if you can keep it outside. For example: account.php: correct: outside from WEBROOT: include("../includes/account.php"); WRONG: inside of WEBROOT: if($id == 6) { include_once("../www/account/6.php"); exit; } else if($id == 19) { include_once("../www/account/19.php");
Tags	No tags attached.

Reviewed by
Test Instructions

Date Modified	Username	Field	Change
2006-04-16 10:51	blshkv	New Issue
2006-04-21 06:46	duane	Status	new => closed
2006-04-21 06:46	duane	Resolution	open => fixed
2006-04-21 06:46	duane	Fixed in Version	=> production
2006-04-24 05:21	~~bluec~~	Note Added: 0000194
2006-04-24 05:21	~~bluec~~	Assigned To	=> bluec
2006-04-24 05:21	~~bluec~~	Status	closed => needs work
2006-05-29 05:11	~~bluec~~	Note Added: 0000238
2006-05-29 05:11	~~bluec~~	Assigned To	bluec =>
2006-05-29 05:11	~~bluec~~	Status	needs work => closed
2013-01-14 03:35	Werner Dworak	Fixed in Version	=> 2006
2013-11-20 22:23	NEOatNHNG	View Status	private => public

~~bluec~~ 2006-04-24 05:21 manager ~0000194	Changes not yet visible in tarball.

~~bluec~~ 2006-05-29 05:11 manager ~0000238	Tarball has been updated and looks good.