Hi,

2012/4/12 Chris Stockton <chrisstockto...@gmail.com>:
> Hello,
>
> On Wed, Apr 11, 2012 at 4:42 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
>>
>> Making sure how it behaves.
>> include $_GET['filename'];
>> gave free pass to system, right?
>>
>> Regards,
>>
>
> Why on earth do you insist on continually posting that horrid snippet
> of code lol? I can't help but to laugh and suspect that at this point
> you are trolling.. In case you are being serious, "include
> $_GET['filename'];" is _HORRIBLE_. It's _WRONG_. No one should do it.
> _EVER_. For any reason. If a developer is wise enough to use your
> corner case proposed fix to circumvent the "attack type" (aka
> developer negligence), he is wise enough to come up with a CORRECT
> solution.

It seems you are not familiar with real world security.
All security issues are WRONG and/or MISTAKES and no one should ever do.

If security issues could go away by telling no one should, there will be
no incidents.

Would let us show how could you teach and enforce self learning teenagers,
students, designers or anyone else? How could you stop VPS/Share Server
users stop using WRONG code from internet?

I suppose you do have good methodology than I have.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
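
The `include $_GET['filename'];` snippet debated in this thread, next to one hardened form, as an added example that is not code from either poster or from the PHP project. The page names, the `pages` directory and the `resolve_page()` helper are assumptions made for illustration, and the code assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Constructed allowlist: request value => file under the template directory.
// The keys, file names and directory are assumptions for this example.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map an untrusted request value to a file that is safe to include.
 * Returns null when the value is not allowlisted or when the file
 * resolves outside $baseDir (for example through a symlink).
 */
function resolve_page(mixed $requested, string $baseDir): ?string
{
    // ?filename[]=x arrives as an array, so reject anything that is not a string.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file is missing
    }
    // Containment check: the resolved file must sit under the resolved base.
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// The snippet from the thread passes the request value straight to include:
//     include $_GET['filename'];
// Hardened form: the request only selects a key, it never supplies a path.
$page = resolve_page($_GET['filename'] ?? 'home', __DIR__ . '/pages');
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
include $page;
```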