Re: question about safe — PHP Programming Language

You are here: Re: question about safe « PHP Programming Language « IT news, forums, messages

Posted by AnrDaemon on 01/29/08 20:33

Greetings, MZ.
In reply to Your message dated Sunday, January 27, 2008, 22:30:14,

> How to prevent from such try of attack of the website?

> http://www.example.com/index.php?id=0?;print_r(glob('*'));echo%20%22

Do NOT trust any user input.
In this case, You DO HAVE trusted the variable passed by user (either the $_GET['id']
variable or whole parameter string)

Go check Your code for this exploit, it is Your mistake, not PHP weakness.

P.S.
If it is not Your own code, delete it and write it Yourself from scratch.

--
Sincerely Yours, AnrDaemon <anrdaemon@freemail.ru>

Navigation:

Next in forum: Re: webpage hit counter in PHP
Prev in forum: Re: Tokenizer Support
Thread view: Re: question about safe

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация