** Reply to note from Matthew Palmer <[EMAIL PROTECTED]> Tue, 5 Aug 2003 17:57:07 +1000
> Certainly, if all of the include files has (as they should) nothing but > function and class definitions, there's *nothing* an attacker could do by > grabbing these files directly - no code will actually be run. And if they > get the source code (because the files don't have a .php extension), who > cares - they could get the source from a regular download anyway (unless > it's an internally written thing, which I'd hope would be properly secured > anyway). Matt, thanks. in a situation where I can have a user placing a potentially poorly written PHP code in his webserver that is vhost on my box, what should one be doing to protect the box from such mishaps, any suggestions to minimize the potential risk ? Voytek Eymont -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
