eature actually
provides, why would you NOT have a way of disabling it. I would if I
could, and I know of others who would as well.
Any thoughts?
KJ
PS: If you gave someone that you didn't trust access to your scripts
then you're asking for trouble, that was not my point and was not pa
it
of source code to check if these workarounds have been applied. I would
much rather set a allow_url_include flag to "off", and not have to worry
about that. There are plenty of things you need to worry about when
hosting, and this would create one less.
KJ
--
PHP General Mailing L
Just want to double check that you're using the correct array in $_POST!
Are you using ? If not then you should be using
$_GET, not $_POST.
$_SERVER['REQUEST_METHOD'] will have the method that you are using,
remember to use the corresponding pre-defined variables.
KJ
Stuart F
ssue.
So yes, instead of having a language level feature that could eliminate
this problem let's rely on all of the programmers and web hosts.
Thank you for the discussion.
KJ
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Greg Donald wrote:
On Fri, 10 Dec 2004 22:00:43 +, KJ <[EMAIL PROTECTED]> wrote:
5. Joe Hacker has studied the script coz he's a tart that wants to piss
people off and he has found a vunerability.
6. Joe Hacker uses the vunerability to change your account passwd. He
then logs in
king about, I hope this is clear. The vunerability I
described in one of my previous posts.
The "worry" that I'm expending comes from being hacked twice using this
method, I think the amount of worry expended is in line with the amount
of frustration that I have endured.
KJ
Richar
Ah OK. So the only only includes should be out of the web tree, or on a
remote site?
Nice one.
Mike Ford wrote:
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
On 10 December 2004 22:07, Richard Lynch wrote:
This is a MUCH BIGGER
7 matches
Mail list logo
