On Mon, 3 Dec 2001, Gal Gur-Arie wrote:

> this is the content of a PHP file that is named, let's say, "BringPage.php":
> <?
> function FgetStr($path,$startTAG,$endTAG) {
>       if (strstr($path,"/etc/") || strstr($path,"passwd")){
>       // if you want to limit or make some validations this is the place
>               die;
>       }
>       $pagefile = fopen($path, "r");

ok. a complete security breach, right? it is a bad idea to try and mimic
the works of the httpd server - the example of 'blocking' you show here
just indicates how limited it is. the _proper_ way to do this would be to
make the php page fetch the images from the web server that runs on port
8080 - this way, we'll leave it for the server to make these security
tests (even this way is problematic, in case the server on port 8080 gives
more privileges to clients connecting from 127.0.0.1 - localhost). i
presume this can be done with php (though i've no idea how, since my php
knowledge is very limited).

by the way, how hard'll it be to explain to your network administrator
that there are quite a few services that use port '8080' (we're not unique
in that aspect) ?

--
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy
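
The approach the reply suggests, as an added example that is not part of the original message or either poster's code: the script requests the page over HTTP from the server on port 8080, so that server's access rules apply, and it accepts only plain absolute paths rather than blocking the substrings "/etc/" and "passwd". The constant and function names are hypothetical, and the between-markers extraction is assumed from FgetStr's parameter names.

```php
<?php
// Added example. BACKEND, backendUrl() and fetchBetween() are hypothetical
// names; needs allow_url_fopen enabled for the http:// stream wrapper.
const BACKEND = 'http://127.0.0.1:8080'; // assumed address of the web server

// Turn a client-supplied path into a backend URL, or null if it is not a
// plain absolute path. Allowlist instead of a substring blocklist.
function backendUrl(string $path): ?string
{
    // \A...\z anchor the whole string ("$" would accept a trailing newline).
    // No scheme, host, "?", "#", "%", "\" or control bytes can get through.
    if (!preg_match('#\A/[A-Za-z0-9._/-]*\z#', $path)) {
        return null;
    }
    foreach (explode('/', $path) as $segment) {
        if ($segment === '.' || $segment === '..') {
            return null; // no dot segments for the server to normalise
        }
    }
    return BACKEND . $path;
}

// Fetch the page over HTTP and return the text between two markers
// (what FgetStr's parameter names suggest it does; that is an assumption).
function fetchBetween(string $path, string $startTag, string $endTag): ?string
{
    $url = backendUrl($path);
    if ($url === null) {
        return null;
    }
    $ctx = stream_context_create(['http' => [
        'method'          => 'GET',
        'timeout'         => 5,
        'follow_location' => 0, // a redirect must not send us to another host
    ]]);
    // A 403/404 from the server makes file_get_contents() return false, so
    // the server's own access rules decide what can be read.
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        return null;
    }
    $start = strpos($body, $startTag);
    if ($start === false) {
        return null;
    }
    $start += strlen($startTag);
    $end = strpos($body, $endTag, $start);
    return $end === false ? null : substr($body, $start, $end - $start);
}
```

The request reaches the backend from 127.0.0.1, so the caveat in the message still holds: the server on port 8080 must not grant localhost clients anything it would refuse a remote client.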

