My 2c worth...

IMO, If you download a script and just blindly copy it to your system, then
you're just asking for trouble, period - I think you should ALWAYS check
code for anything that could be malicious and also check for any loopholes
that need to be closed before using it. This might mean changing the names
of variables/functions or rewriting some of the code entirely.

I don't trust any code that people send me, I always check it first, if

-----Original Message-----
From: Michael Sims [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 3:20 PM
Subject: Re: [PHP] Re: Mommy, is it true that...?

At 04:51 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
> > > > True, but in a shared hosting environment this is very likely.
> > >
> > >...not to mention open source code.
> >
> > Oh yeah.  Guess I had a mental lapse there.  If you are using, say, a
> > script downloaded from and it happens to be poorly secured
> > then obviously the entire free world is going to know how to exploit
> > copy of it....duh....
>Actually that's exactly what I had in mind. Heck, if your point is that
>don't know your URL then what's the point in the whole security issue

I'm sorry, you've lost me.  When did the question of knowing URLs come into 
this?  I was referring to a hacker having access to your PHP script source. is a very popular database of linux software and includes a 
wide variety of PHP scripts.  My point was that if you downloaded an 
insecure script from such a popular site then you are asking for trouble 
because chances are thousands of would-be hackers have ALSO downloaded the 
same script and have familiarized themselves with ways that it can be 

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to