[PHP] temporary DNS lookup in php?

2003-01-15 Thread Patrick Hsieh
Hello list,

I am trying to open a remote webpage in my php program with the curl library. The 
webpage will redirect me to another webpage (say, 
"http://www.anothersite.com/index.html"). Basically, the curl library will 
resolve the domain name via the DNS servers defined in the system; however, I 
hope I can customize the temporary DNS lookup in the php program for a special 
purpose without modifying /etc/resolv.conf or other system configuration 
files. Is it possible? How?


-- 
Patrick Hsieh [EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] using curl to get part of the html

2002-10-24 Thread Patrick Hsieh
Hello list,

I am writing a php script to fetch an html page and verify its content, which 
is generated by a remote cgi program. The special cgi program generates endless 
content to the http client. Therefore, I need to figure out a solution for 
curl to fetch part of the html source code (in fact, I only need the first 100 
lines of the html source). I tried CURLOPT_TIMEOUT, but when curl_exec() 
times out, it will not return the part of the html source it already 
fetched--actually it returns nothing at all.

Is there any way to work around this?


#!/usr/bin/php4 -q
<?php

// Fetch the endless CGI output, giving up after 3 seconds.
$url = "http://www.example.com/cgi-bin/large_output.cgi";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  // return the body instead of printing it
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
$result = curl_exec($ch);  // on timeout this is false, not the partial body
curl_close($ch);
echo $result;
?>
-- 
Patrick Hsieh [EMAIL PROTECTED]
GnuPG Public Key at http://www.ezplay.tv/~pahud/pahudatezplay.pubkey
MD5 checksum: b948362c94655b74b33e859d58b8de91

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] mysql_pconnect() and mysql_connect()

2002-05-24 Thread Patrick Hsieh

Hello,

When I use mysqladmin processlist to view the mysql processes, there are
a few processes in Sleep status. I wonder what makes them sleep, so I
wrote a little script like this:

#!/usr/bin/php4
<?
// Open a persistent connection, then hold the script open for 10 seconds.
mysql_pconnect("192.168.16.210", "myaccount", "password");
system("sleep 10");
?>


This script will make a mysql_pconnect(), sleep for 10 seconds and then
end the script. During the sleep time, I use mysqladmin processlist to view the
processes, and the process is indeed there. But when the script ends after
10 seconds, I can't find that process in the processlist.

So, what makes those Sleeping processes in my mysql server?



-- 
Patrick Hsieh [EMAIL PROTECTED]
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg






[PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Patrick Hsieh

Hello list,

I have a php program which executes a heavy mysql query upon request.
Normally, it should not be requested too often, but I am afraid of a
malicious user trying to massively call this program.  I am considering
using $HTTP_REFERER to restrict the connection source, but is it worth
trusting? Is it possible for a hacker to make an identical $HTTP_REFERER
in the header? I have no idea how $HTTP_REFERER is made; is it made by
the http client and put in the http header?

If I can't trust $HTTP_REFERER, how can I deny a malicious attack like
that?


-- 
Patrick Hsieh [EMAIL PROTECTED]
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg






Re: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Patrick Hsieh

Hello Dan Hardiker [EMAIL PROTECTED],

Then, it is not safe to do IP-based blocking, right? Any alternative?


On Thu, 16 May 2002 10:10:44 +0100 (BST)
Dan Hardiker [EMAIL PROTECTED] wrote:

> > Craig Vincent wrote:
> > The best thing you can do is temporarily record the
> > IPs of connections to your script, and then block IPs that connect to
> > the script too often directly from your routing table.  It doesn't
> > necessarily stop those using proxies but definitely is more reliable
> > than an HTTP_REFERER protection scheme.
>
> If you are expecting to have a wide (uncontrolled) audience for the data
> you are outputting I would strongly suggest against doing this as the
> majority of major ISPs operate transparent web proxies - where everyone
> from that ISP will appear to be coming from the same IP.
> If I was a malicious user, I would get a block of 50 IPs, place them on a
> unix box and then bind randomly to the IPs when making the calls... making
> the workaround for this security measure trivial.
> I'm not saying you shouldn't implement any method of security, as some
> security is far better than none! Just making sure that everyone is aware
> of the consequences and implications.
>
> -- 
> Dan Hardiker [[EMAIL PROTECTED]]
> ADAM Software  Systems Engineer
 
 
 

-- 
Patrick Hsieh [EMAIL PROTECTED]
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg
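
The trade-off discussed in this thread, as an added example that is not code from any of the posters: a sliding-window limiter that throttles a single busy IP (Craig Vincent's suggestion) and also caps total calls to the heavy query, so that rotating source IPs (Dan Hardiker's objection) still cannot drive unlimited load. The class name, limits and addresses are hypothetical, and PHP 8 syntax is assumed.

```php
<?php
// Added example: sliding-window limiter for an expensive endpoint.
// QueryThrottle, its limits and the sample addresses are hypothetical.
final class QueryThrottle
{
    private array $perIp = [];   // ip => timestamps of admitted requests
    private array $global = [];  // timestamps of all admitted requests

    public function __construct(
        private int $window,      // window length in seconds
        private int $ipLimit,     // max admitted requests per IP per window
        private int $globalLimit  // max admitted requests overall per window
    ) {}

    /** Returns 'ok', 'ip_limit' or 'global_limit'. */
    public function check(string $ip, int $now): string
    {
        // Drop timestamps that have aged out of the window.
        $cutoff = $now - $this->window;
        $fresh = fn(int $t): bool => $t > $cutoff;
        $this->global = array_values(array_filter($this->global, $fresh));
        $this->perIp[$ip] = array_values(array_filter($this->perIp[$ip] ?? [], $fresh));

        if (count($this->perIp[$ip]) >= $this->ipLimit) {
            return 'ip_limit';      // one source calling too often
        }
        if (count($this->global) >= $this->globalLimit) {
            return 'global_limit';  // many sources, same total load
        }
        $this->perIp[$ip][] = $now;
        $this->global[] = $now;
        return 'ok';
    }
}

// Constructed traffic: one address repeats, then several distinct addresses arrive.
$throttle = new QueryThrottle(window: 60, ipLimit: 3, globalLimit: 5);
$log = [];
foreach ([0, 1, 2, 3] as $sec) {
    $log[] = $throttle->check('192.0.2.10', 1000 + $sec);
}
foreach (['198.51.100.1', '198.51.100.2', '198.51.100.3'] as $i => $ip) {
    $log[] = $throttle->check($ip, 1010 + $i);
}
$log[] = $throttle->check('192.0.2.10', 1100); // earlier entries have expired
echo implode(',', $log), PHP_EOL;
```

The in-memory arrays only illustrate the logic; across real web requests the counters would have to live in shared storage, and a per-IP limit needs headroom for users who share one proxy address.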






[PHP] register_globals in php4

2002-05-09 Thread Patrick Hsieh

Hello list,

php4.1 recommends setting register_globals=off in php.ini to make php
more strict.  My question is, if I turn off register_globals, what will
happen if a malicious user just tries to modify the variable values in
the url? Say,

http://www.domain.com/xxx.php?id=3&sex=female

Does it work if the user just changes the value in the URL directly and sends
the url directly to the web server?

How can we avoid a malicious attack by direct http GET/POST with
modified parameter values that could cause a system error or compromise?


-- 
Patrick Hsieh [EMAIL PROTECTED]
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg
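
Server-side validation of the two parameters from the URL in this post, as an added example that is not code from the original poster: register_globals=off only stops request values from becoming global variables, so whatever arrives in the query string still has to be checked before use. The accepted id range and the allowed sex values are assumptions.

```php
<?php
// Added example: validation of the id/sex query parameters.
// The id range and the allowed sex values are assumptions.
const ALLOWED_SEX = ['female', 'male'];

/** Returns ['ok' => bool, 'clean' => array, 'errors' => string[]]. */
function validate_query(array $query): array
{
    $errors = [];
    $clean = [];

    // Reject parameters the script does not expect at all.
    foreach (array_diff(array_keys($query), ['id', 'sex']) as $extra) {
        $errors[] = "unexpected parameter: $extra";
    }

    // id must be a plain integer in range; a missing value, an array
    // (id[]=3) or trailing text ("3abc") all make filter_var return false.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($id === false) {
        $errors[] = 'id must be an integer between 1 and 1000000';
    } else {
        $clean['id'] = $id;
    }

    // sex must be one of a fixed set, compared strictly as a string.
    $sex = $query['sex'] ?? null;
    if (is_string($sex) && in_array($sex, ALLOWED_SEX, true)) {
        $clean['sex'] = $sex;
    } else {
        $errors[] = 'sex must be one of: ' . implode(', ', ALLOWED_SEX);
    }

    $ok = $errors === [];
    return ['ok' => $ok, 'clean' => $ok ? $clean : [], 'errors' => $errors];
}

// Constructed query strings, parsed the way PHP fills $_GET.
$samples = ['id=3&sex=female', 'id=3abc&sex=female', 'id[]=3&sex=x', 'id=3&sex=female&admin=1'];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    $r = validate_query($query);
    echo $qs, ' => ', $r['ok'] ? 'accepted' : 'rejected: ' . implode('; ', $r['errors']), PHP_EOL;
}
```

Only the values in 'clean' should reach the rest of the script, and they should still be passed to the database as bound parameters rather than concatenated into SQL.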

