Ah OK. So the only includes should be out of the web tree, or on a
remote site?
Nice one.
Mike Ford wrote:
On 10 December 2004 22:07, Richard Lynch wrote:
This is a MUCH BIGGER
Greg Donald wrote:
On Fri, 10 Dec 2004 22:00:43 +, KJ <[EMAIL PROTECTED]> wrote:
5. Joe Hacker has studied the script coz he's a tart that wants to piss
people off and he has found a vulnerability.
6. Joe Hacker uses the vulnerability to change your account passwd. He
then logs in
ssue.
So yes, instead of having a language level feature that could eliminate
this problem let's rely on all of the programmers and web hosts.
Thank you for the discussion.
KJ
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
king about, I hope this is clear. The vulnerability I
described in one of my previous posts.
The "worry" that I'm expending comes from being hacked twice using this
method, I think the amount of worry expended is in line with the amount
of frustration that I have endured.
KJ
Richar
Just want to double check that you're using the correct array in $_POST!
Are you using ? If not then you should be using
$_GET, not $_POST.
$_SERVER['REQUEST_METHOD'] will have the method that you are using,
remember to use the corresponding pre-defined variables.
KJ
Stuart F
it
of source code to check if these workarounds have been applied. I would
much rather set an allow_url_include flag to "off", and not have to worry
about that. There are plenty of things you need to worry about when
hosting, and this would create one less.
KJ
eature actually
provides, why would you NOT have a way of disabling it? I would if I
could, and I know of others who would as well.
Any thoughts?
KJ
PS: If you gave someone that you didn't trust access to your scripts
then you're asking for trouble, that was not my point and was not pa