Posted by Jerry Stuckle on 12/06/05 14:52
bio-anomoly wrote:
> I was just giving my PHP a bit of a spin, and I noticed that opendir
> opens EVERYTHING, and unix commands can be executed with the ' grave,
> like this 'ls -lR /'.
>
> Can someone quantify how slack this is? Is it normal practice amongst
> large servers?
>
> When the security is this crap, what else can happen?
>
So - what's the problem? The same can be true with C, Java, perl, asp
or almost any other programming language.

Although security is not the responsibility of the programming language
(it's an OS responsibility!), there are some things built into PHP - see
safe mode, for instance.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================