Parameter validation is a general thing done for security, whether that be if you're using a variable in an include, database credentials, connecting to a web service, etc. You need to make sure that those basic conditions have a highly controlled set of values, not only for security but to make sure the application works correctly. If doing this is unacceptable, that person shouldn't be writing code in the first place.
The more I think about it, the more I realize that remote includes are amazingly powerful and you could build some highly distributed applications and have a very easy way to integrate them. Of course, you'd want to white list, and verify that all the piece parts were being used only on your servers. It'd definitely be an interesting application to design. The streams feature and API is also extremely powerful.

Include does not let someone erase your hard drive, unless you have gone out of your way to make Apache run as root and open up all sorts of privileges it shouldn't have, and doesn't have by default.

This thread's pretty much pointless - I recommend you read up on web security in general.

Al

On Tue, 2005-06-28 at 23:58 -0400, Russell Nelson wrote:
> Mike Robinson writes:
> > Uh, no. Affordances are
>
> Okay, I'm wrong about that. I don't need to push that analogy to make
> my point.
>
> > You don't save people by filing down the sharp edges on a tool. You
> > do it by telling them it's sharp.
>
> If you look at a tool, you can tell if it's sharp. If you look at
> include, you can't tell that it will happily, Pleasantly, Positively
> JOYFULLY execute hostile code if the attacker asks it to and you
> haven't told it not to.
>
> You know, I keep searching for an explanation of why so many people
> have had security problems with php. The answer is simple: the people
> in charge of php (sorry, Rasmus) think it's okay to create an insecure
> language construct without making it clear that it's insecure.
>
> Now, don't tell me that it's not insecure. Everyone here realizes
> (and I know this because they've told me) that programmers who are
> concerned about security will always check the values passed into
> 'include'. Why would they need to do that if 'include' wasn't
> insecure?
>
> If you have to read the man page to find out that 'include' will let
> some random user from a third-world country execute 'rm -rf /' on your
> server, then I propose that the problem is not that users didn't read
> the man page. The problem is with include, and it needs to be fixed.
>
> --
> --My blog is at blog.russnelson.com | If you want to find
> Crynwr sells support for free software | PGPok | injustice in economic
> 521 Pleasant Valley Rd. | +1 315-323-1241 | affairs, look for the
> Potsdam, NY 13676-3213 | | hand of a legislator.
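
The "highly controlled set of values" approach to include that this thread argues about, as an added example that is not part of the original messages. It assumes PHP 8; the `pages` directory, the page keys and the `resolve_page` function are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout: page templates live in one directory owned by the app.
const PAGE_DIR = __DIR__ . '/pages';

// Allow-list: request key => file name. Keys and file names are constructed.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map an untrusted request value to an includable path, or null.
 * The request value is only ever used as an array key; it never
 * becomes part of the path handed to include.
 */
function resolve_page(mixed $requested, array $pages = PAGES, string $dir = PAGE_DIR): ?string
{
    // Reject arrays (?page[]=x) and anything that is not a known key.
    if (!is_string($requested) || !array_key_exists($requested, $pages)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $pages[$requested]);
    // realpath() returns false for a missing file and resolves symlinks,
    // so the prefix check below sees the real target of the path.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['page'] ?? 'home');
if ($path === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $path;
```

Keeping `allow_url_include` off in php.ini closes the remote-URL case independently of this check, so the two act as separate layers.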