Feature Requests item #1518713, was opened at 2006-07-07 14:56 Message generated for change (Comment added) made by hoerj You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=800590&aid=1518713&group_id=156638
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface Improvements Group: None Status: Open Priority: 5 Submitted By: Jürgen Hörmann (hoerj) Assigned to: Nobody/Anonymous (nobody) Summary: Merge all Files into one Initial Comment: Because this program opposes the webserver to a highly increased risk of being hacked i suggest not to leave the script on the server. To make it more usable to upload, use and delete the script it would be good if all files and config could be merged into one solid php file. ---------------------------------------------------------------------- >Comment By: Jürgen Hörmann (hoerj) Date: 2006-07-08 01:27 Message: Logged In: YES user_id=1551592 I can not agree. The effort to upload and delete the script is nothing compared to the security risk of this software. You should not deny the probability that there will always be other php scripts that have vulnerabilities. Those scripts might be exploited to include other files on the server. That way you can easyly bypass the .htaccess protection. That this scenario is not only a fiction is shown on your comment list on your "old" webpage. IMHO this script is mainly useful for installation and service tasks, jobs you only do from time to time. So the effort of uploading is negligible to me. The problem with the readability of the code coul be solved by making a development version that consists of multiple files that are only merged for the release version. It would be possible to make a setup routine that merges all files, too. ---------------------------------------------------------------------- Comment By: Tobias Unger (tobiasunger) Date: 2006-07-07 17:01 Message: Logged In: YES user_id=1432671 Hi, of course, software like this is also a safety risk, but I think this idea is very time-consuming. I think it is easyer and nearly as save as your idea to put the software into a directory protected by .htaccess (for a access control). Putting al the software in just one file would make this file less easy to understand. Tobias Unger (tobias-unger.de) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=800590&aid=1518713&group_id=156638 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ phpshell-devel mailing list phpshell-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpshell-devel
