Reply to Re: Qustion on viewing code

Your name:

Reply:


Posted by Christoph Burschka on 02/23/07 07:00

Steve wrote:
> true. however sadly, *most* web servers (apache anyway) out there at least
> parse all documents through php even if the extension is different...things
> like .css or .jpg, or what have you. this is the critical part. as long as
> this is the configuration, you can find *many* ways to get your script onto
> their server. and you will have enough authorization to access any system
> directory that php has access to...even those not in the web root.

Um, excuse me, but I've never seen/used a server that was set up like
that (then again, you can usually trust professional web hosts to set up
their servers properly). On one or two occasions, I've seen someone in
here ask if you *can* set up the server to parse everything through PHP,
and the general answer was "don't, because it's horribly insecure". It's
useful for single directories (containing dynamic images or feeds), but
as long as those directories are separated from the ones where files can
be uploaded, it should be safe.

--cb

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация