At 04:51 AM 12/21/2001 +0200, Bogdan Stancescu wrote: > > > > True, but in a shared hosting environment this is very likely. > > > > > >...not to mention open source code. > > > > Oh yeah. Guess I had a mental lapse there. If you are using, say, a > > script downloaded from freshmeat.net and it happens to be poorly secured > > then obviously the entire free world is going to know how to exploit your > > copy of it....duh.... > >Actually that's exactly what I had in mind. Heck, if your point is that they >don't know your URL then what's the point in the whole security issue anyways?
I'm sorry, you've lost me. When did the question of knowing URLs come into this? I was referring to a hacker having access to your PHP script source. Freshmeat.net is a very popular database of linux software and includes a wide variety of PHP scripts. My point was that if you downloaded an insecure script from such a popular site then you are asking for trouble because chances are thousands of would-be hackers have ALSO downloaded the same script and have familiarized themselves with ways that it can be exploited... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]