2009/1/7 Shawn McKenzie <nos...@mckenzies.net>:
> Daniel Kolbo wrote:
>> Hello,
>> suppose there is a file at http://otherhost.com/remote.php that looks
>> like this:
>> <?php
>> if (!isset($safe_flag))
>> {
>>    die("hacking attempt");
>> }
>> echo "You are in";
>> ?>
>> Suppose i executed the following php file at http://myhost.com/local.php
>> <?php
>> require_once("http://otherhost.com/remote.php";);
>> ?>
>> Is there any way to get local.php to display "You are in", by only
>> modifying local.php?  That is, is there a way to set $safe_flag on the
>> remote host as one requests a file from the remote host from within
>> local.php?
>> I have genuine, academic, non-belligerent intentions when asking this
>> question.
> local.php
> <?php
> $safe_flag = 1;
> require_once("http://otherhost.com/remote.php";);
> ?>

If the remote side is returning the code rather than running it then
anyone can see exactly what to do to get it to work. There is no
security there.

OP: Does otherhost.com run the code or return it?



PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to