RE: [PHP] Security of PHP code

Wed, 04 Jul 2001 07:45:52 -0700 

Just for the respect of the community, Tim, you shouldn't have posted that.
Poor them, they are under the risks, of course the things will be probably
fixed, but if someone cares he might be already in the machine just for the
sake of it.

-maxim maletsky


-----Original Message-----
From: Tim Taubert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 05, 2001 12:09 AM
To: PHP Mailingliste
Subject: RE: [PHP] Security of PHP code


oh thanks for the disclaimer ;) forgot it..

richard: didn't think about it.. but should have done it.. first and last
time i did it *promised*
:)

Tim Taubert

---------------------------------------------------------------------
   Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
---------------------------------------------------------------------

.o] -----Original Message-----
.o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]]
.o] Sent: Wednesday, July 04, 2001 5:09 PM
.o] To: [EMAIL PROTECTED]; PHP Mailingliste
.o] Subject: RE: [PHP] Security of PHP code
.o]
.o]
.o] Yup, I believe you - that's not your site.
.o]
.o] That is what I meant: It is no PHP, it is how you use PHP.
.o]
.o] DISCLAIMER:
.o] No one's fault (except the programmer) that there was THAT BIG security
hole
.o] on the site.
.o]
.o] -maxim maletsky
.o]
.o]
.o]
.o]
.o] -----Original Message-----
.o] From: Tim Taubert [mailto:[EMAIL PROTECTED]]
.o] Sent: Wednesday, July 04, 2001 11:58 PM
.o] To: PHP Mailingliste
.o] Subject: RE: [PHP] Security of PHP code
.o]
.o]
.o] you're totally right.. look at this
.o]
.o]
http://www.ssw.uni-linz.ac.at/Teaching/Lectures/Sem/2000/Alexander/source.ph
.o] p3?url=/etc/passwd
.o]
.o] *no comment* and not my site...
.o]
.o] Tim Taubert
.o]
.o] ---------------------------------------------------------------------
.o]    Tim Taubert | [EMAIL PROTECTED] | http://www.shogunat.com/rg/
.o] ---------------------------------------------------------------------
.o]
.o] .o] -----Original Message-----
.o] .o] From: PHPBeginner.com [mailto:[EMAIL PROTECTED]]
.o] .o] Sent: Wednesday, July 04, 2001 4:09 PM
.o] .o] To: [EMAIL PROTECTED]; php-general
.o] .o] Subject: RE: [PHP] Security of PHP code
.o] .o]
.o] .o]
.o] .o] SECURE, SECURE.
.o] .o]
.o] .o] It is not how secure PHP is, it is how well YOU protect it.
.o] .o] For example = make this line show_source($file); then go to
.o] .o] your page like
.o] .o] file.php?file=/etc/passwd and you're freaked!
.o] .o]
.o] .o] There is a whole bunch of way to hack your pages if not protected
well
.o] .o] enough, but PHP itself has no vital security problems.
.o] .o]
.o] .o] Try to search the archives for this topic and see what people
.o] .o] think/suggest.
.o] .o] You will find there thousands of tips on what to do to have a
.o] .o] bullet-proof
.o] .o] website. (always of the server is yours).
.o] .o]
.o] .o]
.o] .o] Sincerely,
.o] .o]
.o] .o]  Maxim Maletsky
.o] .o]  Founder, Chief Developer
.o] .o]
.o] .o]  PHPBeginner.com (Where PHP Begins)
.o] .o]  [EMAIL PROTECTED]
.o] .o]  www.phpbeginner.com
.o] .o]
.o] .o]
.o] .o]
.o] .o]
.o] .o] -----Original Message-----
.o] .o] From: David A Dickson [mailto:[EMAIL PROTECTED]]
.o] .o] Sent: Wednesday, July 04, 2001 10:43 PM
.o] .o] To: php-general
.o] .o] Subject: [PHP] Security of PHP code
.o] .o]
.o] .o]
.o] .o] Is it possible for others to view the php code for pages I have
.o] .o] written? I
.o] .o] thought I heard someone say before that they could write a
.o] .o] simple script to
.o] .o] accomplish this. If anyone knows of any tacticts people might
.o] .o] use to attack
.o] .o] my code please post them hee.
.o] .o]
.o] .o] : David A. Dickson
.o] .o] : [EMAIL PROTECTED]
.o] .o]
.o] .o]
.o] .o]
.o] .o]
.o] .o] Get 250 color business cards for FREE!
.o] .o] http://businesscards.lycos.com/vp/fastpath/
.o] .o]
.o] .o] --
.o] .o] PHP General Mailing List (http://www.php.net/)
.o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] .o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] .o] To contact the list administrators, e-mail:
[EMAIL PROTECTED]
.o] .o]
.o] .o]
.o] .o]
.o] .o] --
.o] .o] PHP General Mailing List (http://www.php.net/)
.o] .o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] .o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] .o] To contact the list administrators, e-mail:
[EMAIL PROTECTED]
.o] .o]
.o]
.o]
.o] --
.o] PHP General Mailing List (http://www.php.net/)
.o] To unsubscribe, e-mail: [EMAIL PROTECTED]
.o] For additional commands, e-mail: [EMAIL PROTECTED]
.o] To contact the list administrators, e-mail: [EMAIL PROTECTED]
.o]
.o]


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to