blocking the dompdf hack

Posted: Thu Apr 22, 2010 12:56 pm
by johnchi
Instead of deleting the system/helper/domphp subdirectory to block the hack, can I simply rename that subdirectory so I can keep the files in that directory without the program finding them?

john in chicago

Re: blocking the dompdf hack

Posted: Thu Apr 22, 2010 3:00 pm
by rph
That's security through obscurity and it's not usually looked on as a good solution.

Re: blocking the dompdf hack

Posted: Thu Apr 22, 2010 8:08 pm
by Qphoria
1.4.7 doesn't even come with the main bad dompdf.php file anymore. I left the other classes in for the PDF invoice mod that fido made, as it was alleged that they were not dangerous. But I am not taking any chances and am going to be looking at a completely different solution in 1.5.x. Something that doesn't allow passing remote URLs as a $_GET value.
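
Added example, not part of the thread and not the project's code: one way to handle a file name taken from a request so that it can never be a remote URL, by allowlisting a bare file name and confirming the resolved path stays inside one fixed directory. The function name `resolve_local_file`, the `.html` extension and the temporary template directory are assumptions made for the illustration.

```php
<?php
// Hypothetical helper (added example): map a user-supplied name to a file
// inside $baseDir, or return null. Nothing here is taken from dompdf itself.
function resolve_local_file(string $requested, string $baseDir): ?string
{
    // Allowlist a bare file name with a fixed extension. ':' and '/' are not
    // permitted, so "http://...", "php://...", "../x" and absolute paths all
    // fail here before any filesystem or network access happens.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.html\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks, so a link that points outside the
    // directory is caught by the containment check below.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a throwaway directory holding one template.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'invoice.html', '<h1>Invoice</h1>');

// Constructed inputs standing in for a request parameter value.
$samples = ['invoice.html', 'http://example.invalid/x.html',
            '../invoice.html', 'php://input', '/etc/passwd', 'missing.html'];
foreach ($samples as $s) {
    $result = resolve_local_file($s, $dir);
    printf("%-32s => %s\n", $s, $result === null ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'invoice.html');
rmdir($dir);
```

Setting `allow_url_include = Off` and, where the application permits, `allow_url_fopen = Off` in php.ini gives a second layer if a check like this is ever bypassed.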