Reply to Re: Qustion on viewing code

Your name:

Reply:


Posted by Steve on 02/23/07 04:45

"Rik" <luiheidsgoeroe@hotmail.com> wrote in message
news:op.tn6pvcviqnv3q9@misant...
| Steve <no.one@example.com> wrote:
| > find a server that parses all documents via php instead of by extension,
| > ....
| >
| > it's not hard to hack any site...it just takes a bit of knowledge and
| > some desire.
|
| And in this case, both an insane webserver setting and a either no or a
| bogus check on files after upload... Usually it would be much, much
harder.

true. however sadly, *most* web servers (apache anyway) out there at least
parse all documents through php even if the extension is different...things
like .css or .jpg, or what have you. this is the critical part. as long as
this is the configuration, you can find *many* ways to get your script onto
their server. and you will have enough authorization to access any system
directory that php has access to...even those not in the web root.

this is not just a php issue, asp and others have the same problem. people
are not ever as aware as they should be when it comes to security. myself
included.

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация