found 2 other servers having the same problem... mailed to the webmasters and admins
instead of
posting it.. now i feel a little bit better :)
Tim Taubert
---------------------------------------------------------------------
Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
---------------------------------------------------------------------
.o] -----Original Message-----
.o] From: Tim Taubert [mailto:[EMAIL PROTECTED]]
.o] Sent: Wednesday, July 04, 2001 5:16 PM
.o] To: PHP Mailingliste
.o] Subject: RE: [PHP] Security of PHP code
.o]
.o]
.o] mh i know it was the wrong decision. didn't think about it. already said that.
feeling
.o] guilty now
.o] *argh*
.o]
.o] Tim Taubert
.o]
.o] ---------------------------------------------------------------------
.o] Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
.o] ---------------------------------------------------------------------
.o]
.o] .o] -----Original Message-----
.o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]]
.o] .o] Sent: Wednesday, July 04, 2001 5:17 PM
.o] .o] To: [EMAIL PROTECTED]; PHP Mailingliste
.o] .o] Subject: RE: [PHP] Security of PHP code
.o] .o]
.o] .o]
.o] .o] Just for the respect of the community, Tim, you shouldn't have posted that.
.o] .o] Poor them, they are under the risks, of course the things will be probably
.o] .o] fixed, but if someone cares he might be already in the machine just for the
.o] .o] sake of it.
.o] .o]
.o] .o] -maxim maletsky
.o] .o]
.o] .o]
.o] .o] -----Original Message-----
.o] .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]]
.o] .o] Sent: Thursday, July 05, 2001 12:09 AM
.o] .o] To: PHP Mailingliste
.o] .o] Subject: RE: [PHP] Security of PHP code
.o] .o]
.o] .o]
.o] .o] oh thanks for the disclaimer ;) forgot it..
.o] .o]
.o] .o] richard: didn't think about it.. but should have done it.. first and last
.o] .o] time i did it *promised*
.o] .o] :)
.o] .o]
.o] .o] Tim Taubert
.o] .o]
.o] .o] ---------------------------------------------------------------------
.o] .o] Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
.o] .o] ---------------------------------------------------------------------
.o] .o]
.o] .o] .o] -----Original Message-----
.o] .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]]
.o] .o] .o] Sent: Wednesday, July 04, 2001 5:09 PM
.o] .o] .o] To: [EMAIL PROTECTED]; PHP Mailingliste
.o] .o] .o] Subject: RE: [PHP] Security of PHP code
.o] .o] .o]
.o] .o] .o]
.o] .o] .o] Yup, I believe you - that's not your site.
.o] .o] .o]
.o] .o] .o] That is what I meant: It is no PHP, it is how you use PHP.
.o] .o] .o]
.o] .o] .o] DISCLAIMER:
.o] .o] .o] No one's fault (except the programmer) that there was THAT BIG security
.o] .o] hole
.o] .o] .o] on the site.
.o] .o] .o]
.o] .o] .o] -maxim maletsky
.o] .o] .o]
.o] .o] .o]
.o] .o] .o]
.o] .o] .o]
.o] .o] .o] -----Original Message-----
.o] .o] .o] From: Tim Taubert [mailto:[EMAIL PROTECTED]]
.o] .o] .o] Sent: Wednesday, July 04, 2001 11:58 PM
.o] .o] .o] To: PHP Mailingliste
.o] .o] .o] Subject: RE: [PHP] Security of PHP code
.o] .o] .o]
.o] .o] .o]
.o] .o] .o] you're totally right.. look at this
.o] .o] .o]
.o] .o] .o]
.o] .o] ************************censored**********************************
.o] .o] .o]
.o] .o] .o] *no comment* and not my site...
.o] .o] .o]
.o] .o] .o] Tim Taubert
.o] .o] .o]
.o] .o] .o] ---------------------------------------------------------------------
.o] .o] .o] Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
.o] .o] .o] ---------------------------------------------------------------------
.o] .o] .o]
.o] .o] .o] .o] -----Original Message-----
.o] .o] .o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]]
.o] .o] .o] .o] Sent: Wednesday, July 04, 2001 4:09 PM
.o] .o] .o] .o] To: [EMAIL PROTECTED]; php-general
.o] .o] .o] .o] Subject: RE: [PHP] Security of PHP code
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o] SECURE, SECURE.
.o] .o] .o] .o]
.o] .o] .o] .o] It is not how secure PHP is, it is how well YOU protect it.
.o] .o] .o] .o] For example = make this line show_source($file); then go to
.o] .o] .o] .o] your page like
.o] .o] .o] .o] file.php?file=/etc/passwd and you're freaked!
.o] .o] .o] .o]
.o] .o] .o] .o] There is a whole bunch of way to hack your pages if not protected
.o] .o] well
.o] .o] .o] .o] enough, but PHP itself has no vital security problems.
.o] .o] .o] .o]
.o] .o] .o] .o] Try to search the archives for this topic and see what people
.o] .o] .o] .o] think/suggest.
.o] .o] .o] .o] You will find there thousands of tips on what to do to have a
.o] .o] .o] .o] bullet-proof
.o] .o] .o] .o] website. (always of the server is yours).
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o] Sincerely,
.o] .o] .o] .o]
.o] .o] .o] .o] Maxim Maletsky
.o] .o] .o] .o] Founder, Chief Developer
.o] .o] .o] .o]
.o] .o] .o] .o] PHPBeginner.com (Where PHP Begins)
.o] .o] .o] .o] [EMAIL PROTECTED]
.o] .o] .o] .o] www.phpbeginner.com
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o] -----Original Message-----
.o] .o] .o] .o] From: David A Dickson [mailto:[EMAIL PROTECTED]]
.o] .o] .o] .o] Sent: Wednesday, July 04, 2001 10:43 PM
.o] .o] .o] .o] To: php-general
.o] .o] .o] .o] Subject: [PHP] Security of PHP code
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o] Is it possible for others to view the php code for pages I have
.o] .o] .o] .o] written? I
.o] .o] .o] .o] thought I heard someone say before that they could write a
.o] .o] .o] .o] simple script to
.o] .o] .o] .o] accomplish this. If anyone knows of any tacticts people might
.o] .o] .o] .o] use to attack
.o] .o] .o] .o] my code please post them hee.
.o] .o] .o] .o]
.o] .o] .o] .o] : David A. Dickson
.o] .o] .o] .o] : [EMAIL PROTECTED]
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o] Get 250 color business cards for FREE!
.o] .o] .o] .o] http://businesscards.lycos.com/vp/fastpath/
.o] .o] .o] .o]
.o] .o] .o] .o] --
.o] .o] .o] .o] PHP General Mailing List (http://www.php.net/)
.o] .o] .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] .o] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] .o] .o] .o] To contact the list administrators, e-mail:
.o] .o] [EMAIL PROTECTED]
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o]
.o] .o] .o] .o] --
.o] .o] .o] .o] PHP General Mailing List (http://www.php.net/)
.o] .o] .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] .o] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] .o] .o] .o] To contact the list administrators, e-mail:
.o] .o] [EMAIL PROTECTED]
.o] .o] .o] .o]
.o] .o] .o]
.o] .o] .o]
.o] .o] .o] --
.o] .o] .o] PHP General Mailing List (http://www.php.net/)
.o] .o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] .o] .o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] .o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED]
.o] .o] .o]
.o] .o] .o]
.o] .o]
.o] .o]
.o] .o] --
.o] .o] PHP General Mailing List (http://www.php.net/)
.o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] .o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] .o] To contact the list administrators, e-mail: [EMAIL PROTECTED]
.o] .o]
.o] .o]
.o]
.o]
.o] --
.o] PHP General Mailing List (http://www.php.net/)
.o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] To contact the list administrators, e-mail: [EMAIL PROTECTED]
.o]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
