On Sun, 2004-02-08 at 04:14, PHP Email List wrote: > Ok so on this topic, I do something similar to this with my scripts, and if > my includes are vulnerable... I need to know how? > > I have tested this and the includes parse the information as it includes it, > I can't see the code, so how is this possible where you say:
Are you referring to including a file locally, or including a file from a remote server via http? From what I understand this thread is about including a php script from a different server over http. In this case the php code will be viewable if you open it via a web browser. If you know of a way to include a file remotely with php, but not browse to it, please let me know. Presumably you could use apache to restrict access to the file by ip, however that can still be subverted by a man in the middle attack. I would be curious to see an example where this method of including a file would be necessary. -- Adam Bregenzer [EMAIL PROTECTED] http://adam.bregenzer.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php