Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 21, 2001 12:25 PM
Subject: RE: [PHP] hacks we should know about
> I don't host my own site so how can I put include files outside of the web
> root? I log on ftp and my top level IS the web root (htdocs), I can't go
> any higher
Thus spoke »Ashley M. Kirchner« on 2001-08-21 at 11:46:29 -0700:
> Dumb question: Can't he create a new folder under his web root (let's call
> it 'incs') and set up an .htaccess file that denies requests to files within
> that?
Yes, he might be able to do so - but it's also possible that the
Alexander Skwar wrote:
> Thus spoke »Seb Frost« on 2001-08-21 at 18:25:08 +0100:
> > I don't host my own site so how can I put include files outside of the web
> > root? I log on ftp and my top level IS the web root (htdocs), I can't go
> > any higher.
>
> In this case you can't.
Dumb quest
Thus spoke »Seb Frost« on 2001-08-21 at 18:25:08 +0100:
> I don't host my own site so how can I put include files outside of the web
> root? I log on ftp and my top level IS the web root (htdocs), I can't go
> any higher.
In this case you can't.
Alexander Skwar
--
How to quote: http://learn.
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] hacks we should know about
> hi i found it very helpful to know about hacks such as the below list
> and was wondering if anyone had any more dumb mistakes they could tell
> us before we make them.
>
> 1. http://www.somesite.com/source.php3?
Richard Lynch replied:
>...
>
> > - Kills file upload completely
>
>I *think* safe_mode can be on and files can be uploaded if the ISP works at
>it... But they have to want it bad enough to do some configuration. Most
>ISPs want to just install stuff as-is and not take the time to find out how
> just found this article and the author recommends the following for secure php
> scripting. what do the experts think?
This article has been discussed in excruciating detail on
[EMAIL PROTECTED] and the expert's opinions are archived...
http://php.net/support.php should lead you to this archi
just found this article and the author recommends the following for secure php
scripting. what do the experts think?
- Set register_globals off
This option will stop PHP creating global variables for user input. That is,
if a user submits the form variable 'hello' PHP won't set $hello, only
On 17 Aug 01, at 0:08, [EMAIL PROTECTED] wrote:
Not that I particularly want to turn this thread into a debate about unix
security, but...
> Anyone with a clue doesn't use /etc/passwd anymore *shadow password file*,
> so that's kind of depreciated...
While this is true a great deal of damage ca
ttempt ;)
Cheers,
Lawrence.
-Original Message-
From: ReDucTor [mailto:[EMAIL PROTECTED]]
Sent: August 17, 2001 1:42 PM
To: Bob; Rasmus Lerdorf
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] hacks we should know about
- Original Message -
From: "Bob" <[EMAIL PROTECTED]>
To:
- Original Message -
From: "Bob" <[EMAIL PROTECTED]>
To: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 17, 2001 2:17 PM
Subject: Re: [PHP] hacks we should know about
> rasmus, if password.inc is being parsed
> rasmus, if password.inc is being parsed by php then how would you get the
> code??? won't it just be a blank page??? oh i thought up one more ...
Include files are written to be included. They are tested and debugged in
the scope of the file that is including it. Parsing such an include fil
rasmus, if password.inc is being parsed by php then how would you get the
code??? won't it just be a blank page??? oh i thought up one more ...
4. checking for html tags and php scripting when accepting data from text
boxes
Rasmus Lerdorf wrote:
> > hi i found it very helpful to know about h
-
From: Bob [mailto:[EMAIL PROTECTED]]
Sent: August 17, 2001 11:43 AM
To: [EMAIL PROTECTED]
Subject: [PHP] hacks we should know about
hi i found it very helpful to know about hacks such as the below list
and was wondering if anyone had any more dumb mistakes they could tell
us before we make
> hi i found it very helpful to know about hacks such as the below list
> and was wondering if anyone had any more dumb mistakes they could tell
> us before we make them.
>
> 1. http://www.somesite.com/source.php3?url=/etc/passwd
> 2. http://www.somesite.com?page=../../../../etc/passwd
> 3. not se
hi i found it very helpful to know about hacks such as the below list
and was wondering if anyone had any more dumb mistakes they could tell
us before we make them.
1. http://www.somesite.com/source.php3?url=/etc/passwd
2. http://www.somesite.com?page=../../../../etc/passwd
3. not setting .inc fi