Re: Question on viewing code


Posted by Jerry Stuckle on 02/23/07 11:15

Steve wrote:
> "Rik" <luiheidsgoeroe@hotmail.com> wrote in message
> news:op.tn6pvcviqnv3q9@misant...
> | Steve <no.one@example.com> wrote:
> | > find a server that parses all documents via php instead of by extension,
> | > ....
> | >
> | > it's not hard to hack any site...it just takes a bit of knowledge and
> | > some desire.
> |
> | And in this case, both an insane webserver setting and either no or a
> | bogus check on files after upload... Usually it would be much, much
> | harder.
>
> true. however sadly, *most* web servers (apache anyway) out there at least
> parse all documents through php even if the extension is different...things

Do you have proof of this statement? I find just the opposite - very
few servers parse non-html files through PHP - and most of those who do
change when told about the security implications.

> like .css or .jpg, or what have you. this is the critical part. as long as
> this is the configuration, you can find *many* ways to get your script onto
> their server. and you will have enough authorization to access any system
> directory that php has access to...even those not in the web root.
>
> this is not just a php issue, asp and others have the same problem. people
> are not ever as aware as they should be when it comes to security. myself
> included.
>
>


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
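
An audit sketch for the server setting this thread argues about (Apache handing files to PHP regardless of extension), added here as an example and not part of any poster's message. The matching is a heuristic, and the sample configuration, paths and function name are constructed for illustration.

```python
import re

# Handler/MIME names mod_php registers; treated here as "this goes to PHP".
PHP_HANDLER = re.compile(r"x-httpd-php|php\d*-script", re.I)
# Extensions that are expected to be executed as PHP.
PHP_EXT = re.compile(r"^\.?(php\d?|phtml|phps)$", re.I)

def audit(conf_text):
    """Return (line_no, message) for PHP handlers bound to non-PHP files."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        if m:  # track <Files>, <FilesMatch>, <Directory> ... containers
            if m.group(1):
                if stack:
                    stack.pop()
            else:
                stack.append((m.group(2).lower(), m.group(3)))
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if not args or not PHP_HANDLER.search(args[0]):
            continue
        if directive in ("addtype", "addhandler"):
            bad = [e for e in args[1:] if not PHP_EXT.match(e)]
            if bad:
                findings.append((no, f"{parts[0]} maps {' '.join(bad)} to PHP"))
        elif directive in ("sethandler", "forcetype"):
            scope = [a for name, a in stack if name in ("files", "filesmatch")]
            # Unscoped, or scoped to a pattern that is not about PHP files.
            if not scope or not re.search(r"php|phtml", scope[-1], re.I):
                findings.append((no, f"{parts[0]} sends every file in scope to PHP"))
    return findings

# Constructed sample configuration (not taken from any real server).
SAMPLE = r'''
# constructed sample
AddType application/x-httpd-php .php .css .jpg
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<Directory /var/www/html>
    SetHandler application/x-httpd-php
</Directory>
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
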
