alindeman Thu Feb 28 20:07:34 2002 EDT
Modified files:
/phpdoc/en/chapters security.xml
Log:
/etc/password -> /etc/passwd
Index: phpdoc/en/chapters/security.xml
diff -u phpdoc/en/chapters/security.xml:1.45 phpdoc/en/chapters/security.xml:1.46
--- phpdoc/en/chapters/security.xml:1.45 Wed Feb 27 14:05:44 2002
+++ phpdoc/en/chapters/security.xml Thu Feb 28 20:07:33 2002
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.45 $ -->
+<!-- $Revision: 1.46 $ -->
<chapter id="security">
<title>Security</title>
@@ -365,7 +365,7 @@
<simpara>
Since PHP was designed to allow user level access to the filesystem,
it's entirely possible to write a PHP script that will allow you
- to read system files such as /etc/password, modify your ethernet
+ to read system files such as /etc/passwd, modify your ethernet
connections, send massive printer jobs out, etc. This has some
obvious implications, in that you need to ensure that the files
that you read from and write to are the appropriate ones.
@@ -1117,7 +1117,7 @@
// somebody else's?
unlink ($evil_var);
-// Write logging of their access... or maybe an /etc/password entry?
+// Write logging of their access... or maybe an /etc/passwd entry?
fputs ($fp, $evil_var);
// Execute something trivial.. or rm -rf *?