Re: [PHP] How to protect a php script that sends variables to itself

Posted by Jochem Maas on 10/24/05 22:39

....

> Problem:
> if the user does this:
> curl -l -i "http://www.myserver/scripts/makeMoviePlaylist.php?cmd=makesmil"
>
> From the above curl'd output, entering the below url into a browser
> will get the movie:
> http://www.myserver/scripts/makeMoviePlaylist.php?cmd=getmovie&path=wb1v2x9hApqFwTHhG5tSJlVp9bGi8glguo+gC565a5o="
>

that's what it's supposed to do, isn't it?
under what conditions is someone allowed to grab the movie?
and when are they not allowed?
why is it important that you control whether they use a browser,
a canopener or some Microsoft software to download?

>
> is this possible to prevent ? Or is there a better approach?

approach to what? what is your goal (what are the requirements)?


> This stuff is making my head spin a bit...

not to worry soon the walls will be closing in ;-)

> I am learning aspects of security so any help is appreciated.
>
> many thanks:)
> g
>
>
>
> This is the output from:
> curl -l -i "http://www.myserver/scripts/makeMoviePlaylist.php?cmd=makesmil"
>
> ETag: 253bd3c0260c47ad994857992e073682
> Accept-Ranges: bytes
> Content-Length: 5132
> Content-Type: application/smil
>
> <smil xmlns:qt="http://www.apple.com/quicktime/resources/smilextensions"
> qt:time-slider="true"
> qt:chapter-mode="clip"
> qt:immediate-instantiation="false"
> qt:autoplay="true">
> <head>
> <meta name="base" content="http://www.myserver/scripts/" />
> <meta name="full-name" content="Commercial Reel 2005"/>
> <meta name="name" content="Commercial Reel 2005"/>
> <meta name="copyright" content="2005"/>
> <meta name="author" content="Graham Anderson"/>
> <layout>
> <root-layout id="main" title="Commercial Reel 2005" left="0" top ="0"
> width="352" height="208" background-color="black"/>
> <region id="firsttrack" z-index="1" left="0" top ="0" width = "352"
> height = "208" background-color="black"
> qt:attach-timebase="true" qt:immediate-instantiation="false"
> qt:autoplay="true" qt:time-slider="true" qt:chapter-mode="clip" />
>
> <region id="siren" z-index="1" left="0" top ="0" width="352"
> height="208" fit ="fill" background-color="black"
> qt:time-slider="true" qt:attach-timebase="true" qt:autoplay="true"
> qt:chapter-mode="clip"
> qt:immediate-instantiation="false" />
>
> <region id="drm" z-index="3" left="0" top ="0" width = "352" height =
> "208" background-color="black"
> qt:attach-timebase="false" qt:immediate-instantiation="false"
> qt:autoplay="false" qt:time-slider="false"/>
> </layout>
> </head>
> <body>
> <switch>
> <par system-bitrate="768000">
> <!--for T1 and faster-->
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=zSbG5zDpCJiqc2mbIunOjkw35wn2Q+saBlJZbaXmYUI="
> region="drm" duration="indefinite"/>
> <seq>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=wb1v2x9hApqFwTHhG5tSJlVp9bGi8glguo+gC565a5o="
> region="firsttrack" qt:chapter="levis: crazy legs"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=wHvUoTrGxSW7C8uHjo7hHWLh9hJdvL0hVNx9hoUX3zM="
> region="siren" qt:chapter="adidas: the game"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=pGUsQZ5nfQtuysSgiTdHyvHdoY1hyA+rio/tbM9sSsA="
> region="siren" qt:chapter="boeing: freedom"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=saCzqVi4h08ikgSBUcLjUjwHxzh9DL5Wib0d0dKi3mo="
> region="siren" qt:chapter="yamaha: mama said"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=MqOqXo89l9O012WsrvZIVHLKfZx6mo4fqCcez2GvKlA="
> region="siren" qt:chapter="gmc: sliding roof"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=2j53xedyHmUM2uSxWlxg2LqDDk+b7/kkIDKigEdYdp0="
> region="siren" qt:chapter="nokia: color adjustment"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=Um2ysEtdgslrEyYZNaPU/KJD6MfTSKXH/HRRqOwj5ug="
> region="siren" qt:chapter="bmw: drive"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=gPx1sdVxgYRgjCmX0V6WDVqPG/crkySweYrY/tXkrU0="
> region="siren" qt:chapter="guinness: taste"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=MajLzma9FRxXFuxYS9YwCuJtxCRIpkaMNDx3CMrXgyA="
> region="siren" qt:chapter="apple: ellen feiss"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=LU/xHFq/
> 8jHGfn2gWDPDycW9CaQW55gjzP4sTXvwrAg=" region="siren"
> qt:chapter="playstation: joan"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=ZmT4A6kfPIg7tFc6zUVYRznT89czwdXA9hjgn3Erehg="
> region="siren" qt:chapter="pentax: hey"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=iUMIIycwZ0QzJVUtUI
> +N3glwgfAXPTgFq+mbmXS5vOo=" region="siren" qt:chapter="nike: dreams"/>
>
> </seq>
> </par>
>
> <par system-bitrate="512000">
> <!--56k modems-->
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=zSbG5zDpCJiqc2mbIunOjkw35wn2Q+saBlJZbaXmYUI="
> region="drm" duration="indefinite"/>
> <seq>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=5qRrKwWbemaOh5+
> +SOgv5SRshkpGTuvW5cIyRN9EWQM=" region="firsttrack" qt:chapter="levis:
> crazy legs"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=FzWapZbGt1YkCGKiB
> +fmlGftup5K8nYl6yVUTG+l+7c=" region="siren" qt:chapter="adidas: the
> game"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=Q3gUP0pHVYYjsmCUn2PqMPTOwsqH/x4TbPJbwmEm9yc="
> region="siren" qt:chapter="boeing: freedom"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=4OQkZQNgbKWnJcZKA0Dwu9blaufGr9nrMemtfykVNK8="
> region="siren" qt:chapter="yamaha: mama said"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=SjXVxuW7miYu0djHcpXX2xSk/hpoxPnCmFhoiGJ2Zlc="
> region="siren" qt:chapter="gmc: sliding roof"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=X3LbGKCtMcK5q3uhQpzEy4YNNaRwezXqS8qHx/KXC64="
> region="siren" qt:chapter="nokia: color adjustment"/>
> <video src="makeMoviePlaylist.php?
> cmd=getmovie&path=EPCybK7ipcFMAhj7Lkejc+OWulQVwNDZlLA8sFDRFt0="
> region="siren" qt:chapter="bmw: drive"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=R9
> +mtBsHiUiPvn5hw8PbcTVu9Zy5I7BnhPIeiT2wGPA=" region="siren"
> qt:chapter="guinness: taste"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=N/bnlupKzblackF
> +x4ZDedx8LyOn62vjGvI8uMBR648=" region="siren" qt:chapter="apple: ellen
> feiss"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=gy8lEzyB
> +hbyfZqgTEC/hwjJCuBSZObz2k1lkzl2x38=" region="siren"
> qt:chapter="playstation: joan"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=mnI7NPIv
> +UUdj9bjBXskipg40IBLjRdeDYDRepdMiBQ=" region="siren"
> qt:chapter="pentax: hey"/>
> <video src="makeMoviePlaylist.php?cmd=getmovie&path=c9crwb4Ss
> +xcups9lnvEg+TVX5Duf6+3jPNq3vciSnU=" region="siren" qt:chapter="nike:
> dreams"/>
>
> </seq>
> </par>
> </switch>
> </body>
> </smil>
>
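
The following is an added example, not code from the thread or from the original script. It takes one possible answer to "under what conditions is someone allowed to grab the movie?", namely "only for a few minutes after the playlist was generated", and shows the `path` value as an HMAC-signed, expiring token instead of a static encrypted string. The key, the movie table and both function names are hypothetical.

```php
<?php
// Added example; key, movie table and function names are hypothetical.
const TOKEN_KEY = 'placeholder-load-a-random-secret-from-config';
// Constructed sample: public movie id => file kept outside the web root.
const MOVIES = ['levis-crazy-legs' => '/srv/movies/levis_768.mov'];

// cmd=makesmil side: issue "<id>.<expiry>.<hmac>" for each <video src>.
function make_movie_token(string $movieId, int $ttl, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $payload = $movieId . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, TOKEN_KEY);
}

// cmd=getmovie side: return the file path, or null if the token is
// malformed, tampered with, expired, or names an unknown movie.
function resolve_movie_token(string $token, ?int $now = null): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$movieId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $movieId . '.' . $expires, TOKEN_KEY);
    if (!hash_equals($expected, $mac)) {        // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < ($now ?? time())) {
        return null;
    }
    return MOVIES[$movieId] ?? null;            // never use client input as a path
}

// Playlist generation: the token is URL-safe, so no '+' or '/' to mangle.
$token = make_movie_token('levis-crazy-legs', 300);
echo 'makeMoviePlaylist.php?cmd=getmovie&amp;path=' . rawurlencode($token), "\n";

// Movie request: fresh token, the same token replayed after expiry,
// and a token whose movie id was edited by the client.
var_dump(resolve_movie_token($token));
var_dump(resolve_movie_token($token, time() + 301));
var_dump(resolve_movie_token(str_replace('levis', 'adidas', $token)));
```

Inside the validity window any client holding the URL, curl included, can still fetch the movie; the token only limits how long a copied link keeps working.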

 
