Simon Schick <simonsimc...@googlemail.com> wrote on 27 April 2012 at 00:47:
> On Thu, Apr 26, 2012 at 3:59 PM, mirrys.net <mirrys....@gmail.com> wrote:
> > Thank you for your help Marco & Simon. No doubt, your code is much
> > cleaner and better.
> > One more question, without any filter or something could be my
> > original code somehow compromised (mean some security bug)? Or rather
> > was a major problem in the possibility of a script crash?
> Hi, Mirrys
> I personally can not see a security-hole at the first view ...
> Stuff in the global server-variable should only be set by the
> webserver and therefore it should be kind-of safe (depending on the
> quality of the configuration of the webserver ;))
No, that is not correct. The Forwarded IP for example is generated by the
requesting Proxy Server and can therefore be manipulated.
But as far as your code simply writes this data into some textfile which is
never read inside your application or executed on your shell, there should
be no security reason.
> That was also the main reason why I would do a validation-check for this.
> Talking about a script-crash ... I don't know ... I just found this
> line in a comment for the function gethostbyaddress()
> > If you use gethostbyaddr() with a bad IP address then it will send an
> > error message to the error log.
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
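
The validation check discussed in this thread, as an added example that is not part of the original messages or the poster's code: the forwarded header is treated as untrusted input and is only logged, or passed to a resolver, after `filter_var()` accepts it as an IP address. The function names, the injectable `$resolve` parameter and the sample values are assumptions made for illustration.

```php
<?php
// Added example; client_ip_info() and log_line() are hypothetical names.

/**
 * REMOTE_ADDR comes from the TCP connection to the web server.
 * X-Forwarded-For is a request header and can hold anything the sender chose.
 */
function client_ip_info(array $server, callable $resolve = null): array
{
    $resolve = $resolve ?? 'gethostbyaddr';
    $remote = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: null;

    // The header may carry a comma-separated chain; keep the first valid entry.
    $forwarded = null;
    foreach (explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '') as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $forwarded = $candidate;
            break;
        }
    }

    // Resolve only a validated address, so a malformed value never reaches
    // gethostbyaddr() (which returns false on malformed input).
    $host = $remote !== null ? $resolve($remote) : false;

    return ['remote' => $remote, 'forwarded' => $forwarded, 'host' => $host ?: null];
}

function log_line(array $info): string
{
    // Reverse-DNS names are chosen by whoever controls the address range,
    // so restrict them to hostname characters before writing them out.
    $host = preg_replace('/[^A-Za-z0-9.\-:]/', '?', $info['host'] ?? '-');
    return sprintf("%s\t%s\t%s\n", $info['remote'] ?? '-', $info['forwarded'] ?? '-', $host);
}

// Constructed sample request: the header starts with a junk entry containing a line break.
$sample = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "not-an-ip\r\nfake log entry, 198.51.100.23",
];
// Stub resolver so the example runs without DNS; drop the argument to use gethostbyaddr().
$stub = function (string $ip): string { return 'host.example.test'; };

echo log_line(client_ip_info($sample, $stub));
```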