On Thu, May 22, 2008 at 07:19:54AM +0200, Fabian Lange wrote:
> of course this would work on shared hosting as well, why wouldn't it?

I may be wrong, but I think the problem is that on a shared host,
the IP address will be 127.0.0.1 when accessing a site on the same
machine.

Consider this scenario:

1) symfony developer has site example.org on host ABC
2) hacker has site foobar.com on host ABC
3) hacker puts the script

    <?php
    echo file_get_contents('http://example.org/frontend_dev.php')
    ?>

   on his account
4) PHP makes the request, but because it's the same machine,
   the remote address is 127.0.0.1
5) symfony thinks it's safe to display frontend_dev, so it does

I doubt this happens every day, but I suppose it's possible.

Carl
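
Added example, not part of the message above and not symfony's own code: a gate that trusts REMOTE_ADDR alone, next to one that also requires a secret the request must present, run over constructed requests matching the scenario. The function names, the SF_DEV_TOKEN variable and the X-Dev-Token header are assumptions made for illustration.

```php
<?php
// Added illustration; weak_gate(), hardened_gate(), SF_DEV_TOKEN and the
// X-Dev-Token header are hypothetical names, not symfony APIs.

// Weak gate: trusts the peer address alone.
function weak_gate(array $server): bool
{
    return in_array($server['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true);
}

// Hardened gate: loopback peer AND a secret the request must present.
// Fails closed when no secret is configured (the production default).
function hardened_gate(array $server, ?string $configuredToken): bool
{
    if ($configuredToken === null || $configuredToken === '') {
        return false; // dev controller disabled unless explicitly enabled
    }
    if (!weak_gate($server)) {
        return false;
    }
    $presented = $server['HTTP_X_DEV_TOKEN'] ?? '';
    return hash_equals($configuredToken, $presented); // constant-time compare
}

// Constructed $_SERVER-style samples. The second one models the scenario in
// the message: a request from another account on the same machine, which is
// assumed to arrive with REMOTE_ADDR 127.0.0.1.
$requests = [
    'developer on own machine'    => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_DEV_TOKEN' => 'constructed-secret'],
    'script on co-hosted account' => ['REMOTE_ADDR' => '127.0.0.1'],
    'remote visitor'              => ['REMOTE_ADDR' => '203.0.113.7'],
];

$token = 'constructed-secret'; // in practice read from getenv('SF_DEV_TOKEN')

foreach ($requests as $label => $server) {
    printf("%-28s weak=%-5s hardened=%s\n",
        $label,
        weak_gate($server) ? 'allow' : 'deny',
        hardened_gate($server, $token) ? 'allow' : 'deny');
}
```

The co-hosted request passes the address-only gate and is denied by the second one. Leaving the development front controller off the shared host entirely avoids the question.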