I understand what performance issues this brings, but as for security was just a bit curious. You have just showed me what I was thinking about, but you wrote it much better, clear and structured.
Thank you. 2012/3/26 Stuart Dallas <stu...@3ft9.com>: > On 26 Mar 2012, at 17:41, Alex Pojarsky wrote: > >> Now, as the issue adressed and script removed, can you please explain >> what exactly are the issues of using such approach? I mean security >> ones, not performance. > > It's the wrong solution to a process and organisation problem. Ultimately > it's not really a problem IF you control every part of the infrastructure. > Rene clearly doesn't so it has implications for everyone sharing that > infrastructure, and anyone using the applications hosted there. > > * It requires the host to enable allow_url_fopen which means every single > script on the server is then able to include/require URLs. It just needs one > of them to have a related vulnerability and suddenly people can execute > arbitrary PHP code on the server. > > * Rene mentioned that the code is open source. This implies that the security > risk is lessened because the code that is being made publicly accessible is > already publicly accessible, so the opportunity for someone to find > vulnerabilities already exists. It gets an order of magnitude worse if other > people start ignorantly using his code because they're essentially giving him > the ability to execute arbitrary PHP code on their server. Not good no matter > how much he protests that he won't "be evil." > > * You specifically wished to exclude performance from the discussion, but > scalability is potentially a big issue here and should not be completely > ignored. > > I think the real issue for Rene is that of perceived complexity. The idea of > having to manually keep many copies of the same code in sync is what leads to > finding solutions like this one. This solution leads to unnecessary network > traffic and introduces potential security risks that go way beyond your own > code, and even if it's not a big issue now it has the potential to become > catastrophic! > > I'd put a fair amount of cash on my guess that Rene is not using any form of > source control. To me that is the best solution to this problem. Curtis > mentioned rsync which will also do the job, but in my view you're nuts if > you're not using some form of source control already, and building a largely > automated process around that is trivial and automatically audited. > > Rene: please read a book / website / something on PHP security. Some things > are important whether you believe they are or not. > > -Stuart > > -- > Stuart Dallas > 3ft9 Ltd > http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
