You're totally right... look at this

http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.php3?url=/etc/passwd

*no comment* and not my site...

Tim Taubert

---------------------------------------------------------------------
   Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
---------------------------------------------------------------------

.o] -----Original Message-----
.o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]]
.o] Sent: Wednesday, July 04, 2001 4:09 PM
.o] To: [EMAIL PROTECTED]; php-general
.o] Subject: RE: [PHP] Security of PHP code
.o]
.o]
.o] SECURE, SECURE.
.o]
.o] It is not how secure PHP is, it is how well YOU protect it.
.o] For example = make this line show_source($file); then go to
.o] your page like
.o] file.php?file=/etc/passwd and you're freaked!
.o]
.o] There is a whole bunch of ways to hack your pages if not protected well
.o] enough, but PHP itself has no vital security problems.
.o]
.o] Try to search the archives for this topic and see what people
.o] think/suggest.
.o] You will find there thousands of tips on what to do to have a
.o] bullet-proof website. (always if the server is yours).
.o]
.o]
.o] Sincerely,
.o]
.o]  Maxim Maletsky
.o]  Founder, Chief Developer
.o]
.o]  PHPBeginner.com (Where PHP Begins)
.o]  [EMAIL PROTECTED]
.o]  www.phpbeginner.com
.o]
.o]
.o]
.o]
.o] -----Original Message-----
.o] From: David A Dickson [mailto:[EMAIL PROTECTED]]
.o] Sent: Wednesday, July 04, 2001 10:43 PM
.o] To: php-general
.o] Subject: [PHP] Security of PHP code
.o]
.o]
.o] Is it possible for others to view the php code for pages I have
.o] written? I thought I heard someone say before that they could write a
.o] simple script to accomplish this. If anyone knows of any tactics
.o] people might use to attack my code please post them here.
.o]
.o] : David A. Dickson
.o] : [EMAIL PROTECTED]
.o]
.o]
.o]
.o]
.o]
.o] --
.o] PHP General Mailing List (http://www.php.net/)
.o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] To contact the list administrators, e-mail: [EMAIL PROTECTED]
.o]
.o]
.o]
.o]
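
The show_source($file) pattern from the quoted message, next to a hardened form, as an added example that is not code from this thread. SOURCE_DIR, show_unchecked() and resolve_viewable() are hypothetical names, and the demo directory and file are constructed.

```php
<?php
// Added example. SOURCE_DIR and both function names are assumptions.
const SOURCE_DIR = __DIR__ . '/examples';  // hypothetical: only files here may be shown

// Pattern described in the thread: the request parameter reaches
// show_source() unchanged, so file.php?file=/etc/passwd prints that file.
function show_unchecked(string $file): void
{
    show_source($file);
}

// Hardened form: resolve the requested name under one base directory and
// return null unless the result is a regular .php file inside that directory.
function resolve_viewable(string $requested, string $baseDir = SOURCE_DIR): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() collapses "..", duplicate slashes and symlinks before the check.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;  // base missing or target does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;  // resolved outside the base directory
    }
    if (!is_file($path) || pathinfo($path, PATHINFO_EXTENSION) !== 'php') {
        return null;  // directories and other file types are not displayed
    }
    return $path;
}

// Constructed demo: a throwaway directory with one viewable file.
$dir = sys_get_temp_dir() . '/viewer_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/hello.php", "<?php echo 'hi';\n");

foreach (['hello.php', '/etc/passwd', '../../../etc/passwd'] as $req) {
    $path = resolve_viewable($req, $dir);
    echo str_pad($req, 22), $path === null ? "refused\n" : "allowed: $path\n";
}

unlink("$dir/hello.php");
rmdir($dir);
```

In a page, the handler would call show_source() only on a non-null return from resolve_viewable() and answer 404 otherwise.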


