php-general Digest 20 Jan 2012 03:43:37 -0000 Issue 7657

Topics (messages 316337 through 316341):

pcntl_fork, catching STDOUT of child?
        316337 by: Thomas Johnson

Re: if http_referer is not reliable then how do we ...
        316338 by: tamouse mailing lists

Re: sessions and expirations and isolations
        316339 by: tamouse mailing lists

which server variables from this list can be spoofed?
        316340 by: Haluk Karamete
        316341 by: Ghodmode

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
Hello,

PHP noob here. I've been working on writing a script (command-line) that
forks a number of children to do various tasks. I've been using
pcntl_waitpid inside a loop to wait for the children to exit, act on the
results, and fork another copy of the child. Where I seem to be running
into trouble is in managing communication between child and parent, so that
the parent has an indication of result inside the child.

In the past, I've done this in Perl using something along the lines of:

open(FILEHANDLE,"-|");

In Perl, this has the effect of forking the process and attaching the
STDOUT of the child to FILEHANDLE on the parent. Thus, when the child
exits, I read FILEHANDLE to get the output from the child.

Is there a similar way of achieving a similar result in PHP? Am I crazy? So
far, I have tried to communicate between the processes using sockets
(socket_create_pair). However, this seems to be a dead-end; I get a
"connection reset by peer" when I try to socket_read() from the parent. I
assume this is because the socket is closed by the exit of the child.

Any insight or criticism is appreciated.

-- 
Thomas Johnson
ClaimLynx, Inc. <952-593-5969%20x2302>

--- End Message ---
--- Begin Message ---
On Tue, Jan 17, 2012 at 2:34 AM, ma...@behnke.biz <ma...@behnke.biz> wrote:
> You should not write the recipient's email address in a hidden form, but
> instead read it from a config file. This way you can make sure that no one
> alters it.
> Although this won't stop anyone from using the mailform.

Cannot emphasize this enough -- don't allow anyone to submit the
destination addresses to your script.

--- End Message ---
--- Begin Message ---
On Tue, Jan 17, 2012 at 5:17 PM, Haluk Karamete <halukkaram...@gmail.com> wrote:
> This brings the question to the following;
> WHEN DOES THE SERVER KNOW THAT A USER IS REALLY GONE OR HE CLOSED HIS BROWSER?

Just addressing this question -- you are correct that the browser does
not tell the application when it closes. What *does* happen is that
the cookie associated with that browser session is destroyed or
nullified, thus when the user reopens their browser and opens the
application again, there won't be a session cookie sent to the
application on start.

As explained above, this has nothing to do with how long the session
data may be stored on the server, it just won't be accessed if the
browser has been closed in the meantime.

--- End Message ---
--- Begin Message ---
I marked those I already know as "can",

$_SERVER['REMOTE_ADDR']  CAN
$_SERVER['HTTP_REFERER']  CAN
$_SERVER['HTTP_USER_AGENT']  CAN
$_SERVER['REQUEST_URI']   CAN ( cause it contains the query string
part and user/hacker can easily change that )

Those I'm not too sure are as follows;

$_SERVER['SERVER_NAME']
$_SERVER['DOCUMENT_ROOT']
$_SERVER['SCRIPT_NAME']
$_SERVER['PHP_SELF']

--- End Message ---
--- Begin Message ---
On Fri, Jan 20, 2012 at 10:07 AM, Haluk Karamete
<halukkaram...@gmail.com> wrote:
> I marked those I already know as "can",
>
> $_SERVER['REMOTE_ADDR']  CAN
> $_SERVER['HTTP_REFERER']  CAN
> $_SERVER['HTTP_USER_AGENT']  CAN
> $_SERVER['REQUEST_URI']   CAN ( cause it contains the query string
> part and user/hacker can easily change that )
>
> Those I'm not too sure are as follows;
>
> $_SERVER['SERVER_NAME']
> $_SERVER['DOCUMENT_ROOT']
> $_SERVER['SCRIPT_NAME']
> $_SERVER['PHP_SELF']

All of 'em.  However, SERVER_NAME, DOCUMENT_ROOT, and SCRIPT_NAME come
from the server, so it would have to be whoever controls the server
doing the spoofing.

PHP_SELF could probably be faked in the code if done creatively.
Naturally, no one would try to do this intentionally, but I wonder if
something mischievous could be done with this if code was included
from an external source.

--
Ghodmode
http://www.ghodmode.com/blog

--- End Message ---
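
A defensive reading of the variables discussed in this thread, as an added example that is not part of any poster's message: it treats every $_SERVER entry as request data unless the web server is known to fill it in, checks the Host header against a fixed list, and builds a form target from SCRIPT_NAME instead of PHP_SELF. The host names, the sample array and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Host names, sample values and
// function names are assumptions made for illustration.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];
const SERVER_SET = ['REMOTE_ADDR', 'DOCUMENT_ROOT', 'SCRIPT_NAME', 'SCRIPT_FILENAME'];

// Where a $_SERVER value comes from; anything not known to be filled in by
// the web server is treated as client input.
function origin_of(string $key): string
{
    if (in_array($key, SERVER_SET, true)) {
        return 'web server';
    }
    if ($key === 'SERVER_NAME') {
        return 'server config, or the Host header on some setups';
    }
    return 'request (treat as user input)';
}

// Accept the Host header only if it names a site configured in advance.
function trusted_host(array $server): ?string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host); // drop an optional port
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

// Form target built from SCRIPT_NAME, which lacks the trailing path info
// that PHP_SELF carries; escaped because it lands in an HTML attribute.
function form_action(array $server): string
{
    return htmlspecialchars($server['SCRIPT_NAME'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed request data standing in for $_SERVER.
$sample = [
    'REMOTE_ADDR'   => '203.0.113.7',
    'SERVER_NAME'   => 'unlisted.example.net',
    'HTTP_HOST'     => 'unlisted.example.net',
    'HTTP_REFERER'  => 'http://www.example.com/',
    'REQUEST_URI'   => '/contact.php/%22%3E%3Ci%3Ex%3C/i%3E',
    'PHP_SELF'      => '/contact.php/"><i>x</i>',
    'SCRIPT_NAME'   => '/contact.php',
    'DOCUMENT_ROOT' => '/var/www/html',
];
foreach (array_keys($sample) as $key) {
    printf("%-14s %s\n", $key, origin_of($key));
}
echo 'Host accepted: ', var_export(trusted_host($sample), true), "\n";
echo '<form action="', form_action($sample), '" method="post">', "\n";
```

REMOTE_ADDR is listed as server-set because the web server takes it from the connection; behind a proxy or load balancer it is that machine's address, not the visitor's.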
