Yup, I believe you - that's not your site.
That is what I meant: It is not PHP, it is how you use PHP.
DISCLAIMER:
No one's fault (except the programmer) that there was THAT BIG security hole
on the site.
-maxim maletsky
-----Original Message-----
From: Tim Taubert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 04, 2001 11:58 PM
To: PHP Mailingliste
Subject: RE: [PHP] Security of PHP code
you're totally right.. look at this
http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.php3?url=/etc/passwd
*no comment* and not my site...
Tim Taubert
---------------------------------------------------------------------
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
---------------------------------------------------------------------
.o] -----Original Message-----
.o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]]
.o] Sent: Wednesday, July 04, 2001 4:09 PM
.o] To: [EMAIL PROTECTED]; php-general
.o] Subject: RE: [PHP] Security of PHP code
.o]
.o]
.o] SECURE, SECURE.
.o]
.o] It is not how secure PHP is, it is how well YOU protect it.
.o] For example = make this line show_source($file); then go to
.o] your page like
.o] file.php?file=/etc/passwd and you're freaked!
.o]
.o] There is a whole bunch of ways to hack your pages if not protected well
.o] enough, but PHP itself has no vital security problems.
.o]
.o] Try to search the archives for this topic and see what people
.o] think/suggest.
.o] You will find there thousands of tips on what to do to have a
.o] bullet-proof
.o] website. (always if the server is yours).
.o]
.o]
.o] Sincerely,
.o]
.o] Maxim Maletsky
.o] Founder, Chief Developer
.o]
.o] PHPBeginner.com (Where PHP Begins)
.o] [EMAIL PROTECTED]
.o] www.phpbeginner.com
.o]
.o]
.o]
.o]
.o] -----Original Message-----
.o] From: David A Dickson [mailto:[EMAIL PROTECTED]]
.o] Sent: Wednesday, July 04, 2001 10:43 PM
.o] To: php-general
.o] Subject: [PHP] Security of PHP code
.o]
.o]
.o] Is it possible for others to view the php code for pages I have
.o] written? I
.o] thought I heard someone say before that they could write a
.o] simple script to
.o] accomplish this. If anyone knows of any tactics people might
.o] use to attack
.o] my code please post them here.
.o]
.o] : David A. Dickson
.o] : [EMAIL PROTECTED]
.o]
.o]
.o]
.o]
.o]
.o] --
.o] PHP General Mailing List (http://www.php.net/)
.o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] To contact the list administrators, e-mail: [EMAIL PROTECTED]
.o]
.o]
.o]
.o]
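Added example, not part of the original thread or any poster's code: the `show_source($file)` pattern mentioned above next to a version that only displays files inside one directory. `VIEWABLE_DIR`, `resolve_viewable()` and the `examples` directory are hypothetical names chosen for this sketch.

```php
<?php
// Pattern described in the thread, kept as a comment so it never runs:
//   show_source($file);   // $file taken straight from ?file=... discloses any readable file

// Assumption: only files under this directory are meant to be viewable.
const VIEWABLE_DIR = __DIR__ . '/examples';

/**
 * Return the canonical path of $requested if it is a regular file
 * inside $baseDir with an allowed extension, otherwise null.
 */
function resolve_viewable(string $requested, string $baseDir): ?string
{
    // Empty names and embedded NUL bytes are never valid.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; false if the file is missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so "/examples-old" cannot pass as "/examples".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only an explicit set of extensions is shown.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ['php', 'txt'], true) ? $real : null;
}

// A query parameter can arrive as an array (?file[]=x); treat that as invalid.
$raw  = $_GET['file'] ?? '';
$path = is_string($raw) ? resolve_viewable($raw, VIEWABLE_DIR) : null;

if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
show_source($path);
```

The check runs on the resolved path rather than the raw string, so a request such as `?file=/etc/passwd` or one using `../` resolves outside `VIEWABLE_DIR` and gets a 404.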