|
Posted by comp.lang.php on 10/06/05 17:19
Unfortunately that is not the case. The provider does not allow
storage outside of the docroot, else, that would of course solve
everything as all of the TCL scripts would work outside of the docroot
in that case.
I did manage to add one extra line of security as a measure:
...
} elseif {[string length $firstname] > 75 || [string length $lastname]
> 75} {
# HANDLE
}
...
Phil
Steve wrote:
> > It would function, yes, but I don't see how that would offer any form
> > of protection as the hacker would still have access to the TCL CGI
> > script with his/her original HTML cached page. I guess I am unclear as
> > to how this would tighten things up.
>
> It depends on whether your setup allows you to store files in
> directories other than your web root folder and below.
>
> If the TCL script can be stored and executed outside of your web
> there's no direct access to it from a browser.
>
> For instance, my host has a fairly common setup where the web root
> folder is
>
> /home/steve/web/
>
> but I can create folders in /home/steve that are outside the web.
>
>
> ---
> Steve
[Back to original message]
|