On Thursday 01 August 2002 15:28, Lord Loh. wrote:
> I suppose include() can be used to include files from remote systems(not on
> So, How can I protect my script from unauthorised inclusions ?
> A webmaster on the same server can always use a path like
> "/home/htdocs/.../config.php" and include my config .php which contains my
> database password !!
> Even a web master from a remote server can do the same by probably using
> I am using windows 2000/apache/php so I really have not tried these...but
> the docs say it can be done(remote system inclusion except on win)
When you include() a remote file eg:
it only includes the OUTPUT of http://www.xyz.net/config.php. Thus if all
config.php does is assign some values to variables, ie produces no output,
then the result of the include is nothing.
Basically if you have a correctly configured webserver then there is no need
to worry about people remotely including your scripts (because all they see
is the HTML produced by your script).
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
"There is no statute of limitations on stupidity."
-- Randomly produced by a computer program called Markov3.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php