Of course, you can always disable certain functions, etc., that you deem too
insecure.  PHP is as secure as you make it.

~Nuff said

Jason Lotito
www.NewbieNetwork.net
Where those who can, teach;
and those who can, learn.


> -----Original Message-----
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 02, 2001 10:54 PM
> To: Marthe Kristiansen
> Cc: Php-General
> Subject: RE: [PHP] Safety with PHP.
>
>
> So you wrote a script that took a filename as an argument somehow and did
> something with it?  That's always going to be insecure unless you do a lot
> of error checking on it.
>
> -Rasmus
>
> On Tue, 3 Apr 2001, Marthe Kristiansen wrote:
>
> > Well, since I'm a newbie and also Norwegian it ain't that easy to explain
> > very simple.
> > What he did was that he entered a file that showed all the users of the
> > server, as I said, and he told me this was kind of insecure.
> > To prevent it he showed me a code that would help a bit.
> >
> > $filename=str_replace("..","",$filename);
> > $filename=str_replace("/","",$filename);
> > $filename=str_replace("%20","",$filename);
> >
> > He used /, .. and %20 to reach this file on my server.
> >
> > /Marthe
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
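
One way to do the "error checking" discussed in the quoted messages, as an added example that is not code from anyone in this thread: accept only names matching an allowlist, then confirm the resolved path is still inside the intended directory. The function name resolve_user_file(), the demo directory and the sample file names are all assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not from the thread).
// Returns the real path of $filename inside $baseDir, or null if rejected.
function resolve_user_file(string $baseDir, string $filename): ?string
{
    // Allowlist instead of stripping "bad" substrings: letters, digits,
    // "_" and "-", with single dots only between name parts. This rejects
    // "/", "..", "%", backslashes, NUL bytes and leading dots in one rule.
    if (!preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/', $filename)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;                      // base directory does not exist
    }

    // realpath() resolves symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $filename);
    if ($path === false || !is_file($path)) {
        return null;
    }

    // Containment check on the resolved path, in case a symlink inside
    // the base directory points somewhere else.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a temporary directory holding one allowed file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_pages_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'about.txt', "hello\n");

// Constructed sample inputs using the characters mentioned in the thread.
$samples = ['about.txt', '../about.txt', '/about.txt', 'about%20.txt', 'missing.txt'];
foreach ($samples as $name) {
    $ok = resolve_user_file($base, $name) !== null;
    printf("%-14s => %s\n", $name, $ok ? 'accepted' : 'rejected');
}

unlink($base . DIRECTORY_SEPARATOR . 'about.txt');
rmdir($base);
```

Only about.txt is accepted; every other sample is rejected before the file system is touched or because the file does not exist.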

