Correct: C (php.ini)
If the php.ini or wp-config . php file is exposed and writable, attackers can modify their settings to manipulate the behavior of your web application...
This can lead to:
• Disabling security features, such as turning off error reporting or enabling dangerous PHP functions
• Enabling or disabling extensions, which can affect the functionality of your application
• Modifying logging settings to cover their tracks or store sensitive information
...
https://www.linkedin.com/pulse/dangers-exposing-phpini-wp-configphp-configuration-files-bojan-vasic/
Can be A (httpd.conf) also correct?
httpd.conf is Apache config, but the question is asking about config file ON the web server (not OF the web server) and file php.ini is for sure stored ON the web server and it is possible to enable verbose logging in php.ini.
In httpd.conf is only one ErrorLog directive for Apache which refers to file log - https://httpd.apache.org/docs/2.4/mod/core.html
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
NikoTomas
1 month, 1 week ago