root permissions. Now if you can view /etc/shadow, then that would be a problem since
that's where the actual passwords are stored (encrypted).
On Thu, 2002-12-12 at 12:53, Shawn McKenzie wrote:
It seems that if I create a php file in my dir at my hosting provider and do
include('/etc/passwd'); then wow, I see the contents of etc/passwd!
Is this expected behavior???
I am looking at creating a script that takes a var in the url and includes
the requested file. The purpose would be for only URLs
(myscript.php?page=http://mysite.com/dir/cool.html, or relative URLs
(myscript.php?page=/dir/cool.html).
Can I do this without allowing someone to include files by filesystem
reference???
Thanks!
Shawn
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
-- Adam Voigt ([EMAIL PROTECTED]) The Cryptocomm Group My GPG Key: http://64.238.252.49:8080/adam_at_cryptocomm.asc |
signature.asc
Description: This is a digitally signed message part
