Re: [PHP] Newbie: Safe function call to a .inc file outside the web folder — PHP

You are here: Re: [PHP] Newbie: Safe function call to a .inc file outside the web folder « PHP « IT news, forums, messages

Posted by "Richard Lynch" on 08/27/05 02:42

On Fri, August 26, 2005 5:55 am, Edward Vermillion wrote:
> Chris Shiflett wrote:
>
>> Because $_SERVER['SERVER_NAME'] can be manipulated by the user in
>> some
>> cases, you must consider $temp tainted at this point.
>>
>
> I was under the the impression that the non-'HTTP_*' keys in the
> $_SERVER array came from the server itself. Obvoiusly I'm wrong, but
> I'm
> curoius how 'SERVER_NAME' could be manipulated by the client. Is there
> anything in the $_SERVER array that *can* be considered safe?

Here is what little info I have in my brain on this topic... :-)

When your browser requests:
http://example.com/index.php
what really happens is a more like doing this from a command shell:

telnet example.com 80
[wait for a prompt, type the following]
GET /index.php HTTP/1.0
Host: example.com
[hit return again here]

This last one, the "Host:" headers, is used by VirtualHost settings in
Apache to determine which URL you actually want.

But there's nothing to stop Bad Guy from doing this:
telnet php.net 80
GET /index.php HTTP/1.0
Host: example.com

At that point, if php.net responds at all, I *THINK*
$_SERVER['SERVER_NAME'] might, depending on Apache configuration, be
'example.com'

Or maybe not.

But when you stop to think about all the sites that are hosted on
multiple server farm setups, where a single domain is actually
serviced by an army of computers due to the sheer volume, you realize
that the 'SERVER_NAME' cannot POSSIBLY be the actual honest-to-god
there-is-only-one IP address of a single computer that is responding.

So odds are really good that in *SOME* situations,
$_SERVER['SERVER_NAME'] is not particularly reliable.

That may not be your situation ; It might be 100% reliable in YOUR
situation.

But do you really want to write code that might maybe someday get
thrown into a different situation that has vulnerabilities in it?

Disclaimer: I really have no idea how it could harm you, but if Chris
Shifflett warns against it, don't do it. :-)

--
Like Music?
http://l-i-e.com/artists.htm

Navigation:

Next in forum: Re: [PHP] PHP Security
Prev in forum: Re: Sort table by column and pagination
Thread view: Re: [PHP] Newbie: Safe function call to a .inc file outside the web folder

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация