Feature Requests item #1518713, was opened at 2006-07-07 14:56
Message generated for change (Comment added) made by hoerj
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Interface Improvements
Group: None
Status: Open
Priority: 5
Submitted By: Jürgen Hörmann (hoerj)
Assigned to: Nobody/Anonymous (nobody)
Summary: Merge all Files into one

Initial Comment:
Because this program opposes the webserver to a highly
increased risk of being hacked i suggest not to leave
the script on the server.
To make it more usable to upload, use and delete the
script it would be good if all files and config could
be merged into one solid php file.


>Comment By: Jürgen Hörmann (hoerj)
Date: 2006-07-08 01:27

Logged In: YES 

I can not agree. The effort to upload and delete the script
is nothing compared to the security risk of this software.
You should not deny the probability that there will always
be other php scripts that have vulnerabilities. Those
scripts might be exploited to include other files on the
server. That way you can easyly bypass the .htaccess protection.
That this scenario is not only a fiction is shown on your
comment list on your "old" webpage. 
IMHO this script is mainly useful for installation and
service tasks, jobs you only do from time to time. So the
effort of uploading is negligible to me.

The problem with the readability of the code coul be solved
by making a development version that consists of multiple
files that are only merged for the release version. It would
be possible to make a setup routine that merges all files, too.


Comment By: Tobias Unger (tobiasunger)
Date: 2006-07-07 17:01

Logged In: YES 

of course, software like this is also a safety risk, but I
think this idea is very time-consuming.
I think it is easyer and nearly as save as your idea to put
the software into a directory protected by .htaccess (for a
access control).
Putting al the software in just one file would make this
file less easy to understand.
Tobias Unger (tobias-unger.de)


You can respond by visiting: 

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
phpshell-devel mailing list

Reply via email to