My 2c worth...

IMO, if you download a script and just blindly copy it to your system, then
you're just asking for trouble, period - I think you should ALWAYS check
code for anything that could be malicious and also check for any loopholes
that need to be closed before using it. This might mean changing the names
of variables/functions or rewriting some of the code entirely.

I don't trust any code that people send me; I always check it first, if
possible...

-----Original Message-----
From: Michael Sims [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 3:20 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: Mommy, is it true that...?


At 04:51 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
> > > > True, but in a shared hosting environment this is very likely.
> > >
> > >...not to mention open source code.
> >
> > Oh yeah.  Guess I had a mental lapse there.  If you are using, say, a
> > script downloaded from freshmeat.net and it happens to be poorly secured
> > then obviously the entire free world is going to know how to exploit
> > your copy of it....duh....
>
>Actually that's exactly what I had in mind. Heck, if your point is that
>they don't know your URL then what's the point in the whole security issue
>anyways?

I'm sorry, you've lost me.  When did the question of knowing URLs come into 
this?  I was referring to a hacker having access to your PHP script source.

Freshmeat.net is a very popular database of Linux software and includes a 
wide variety of PHP scripts.  My point was that if you downloaded an 
insecure script from such a popular site then you are asking for trouble 
because chances are thousands of would-be hackers have ALSO downloaded the 
same script and have familiarized themselves with ways that it can be 
exploited...


-- 
PHP General Mailing List (http://www.php.net/)