On Mon, Jul 20, 2009 at 4:25 PM, Daevid Vincent<dae...@daevid.com> wrote: > > >> -----Original Message----- >> From: oxygene...@gmail.com [mailto:oxygene...@gmail.com] On >> Behalf Of Chris Payne >> Sent: Monday, July 20, 2009 12:58 PM >> To: php-general@lists.php.net >> Subject: Re: [PHP] pre-screening pages before served? >> >> On Mon, Jul 20, 2009 at 12:30 PM, Per Jessen<p...@computer.org> wrote: >> > Chris Payne wrote: >> > >> >> Hi everyone, >> >> >> >> Is it possible to have the system pre-screen a page before >> it is sent >> >> to a user? What I mean is, if someone requests index.php >> could I have >> >> a script scan the file before I serves it? >> > >> > Yes, apache has an output filter that can be set up as the >> last stage >> > just before serving a page. >> > >> > >> > /Per >> > >> > -- >> > Per Jessen, Zürich (19.8°C) >> >> Thank you, i'll look into that this evening as it would solve some >> problems i've had. I want my system to check local copies of a page >> against a cache I have of the same page and if they are different it >> won't serve the page and will automatically send me a copy of the page >> via email and restore it to what it should be. A way of protecting >> against attacks. Just 1 stage but I want to be pro-active and always >> be ontop of things. > > Really? This is an actual problem for you? It sounds too me that you have a > malicious user on your server and if so, fire them. If you suspect you've > been hacked from externally, then I would format and re-install -- or use a > backup from a known good date. I've been coding PHP since 1996, and have > NEVER heard of a man-in-the-middle attack like this. It just sounds like you > have other problems and this isn't a solution, it's a band-aid. > > http://daevid.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Sounds like XSS to me. Likely a better validation and sanitation routine would help to clear the issue -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
