ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

ONJava Topics
All Articles
Best Practices
Enterprise JavaBeans
Java and XML
Java Data Objects
Java EE (Enterprise)
Java IDE Tools
Java Media
Java SE (Standard)
Java Security
Java SysAdmin
JDO/JDBC/SQLJ
JSP and Servlets
Open Source Java
P2P Java
Web Services
Wireless Java

AddThis Social Bookmark Button
Article:
  Ten Security Checks for PHP, Part 1
Subject:   Not the kind of article i would expect from o'reilly!
Date:   2003-03-28 09:48:45
From:   anonymous2

First, include("http://www.some-BAD-site.com/whatever.php") can't really do any harm, since it is executed on the some-bad-site.com, and not on the targeted machine.



Other stuff like POST and GET global issues have been dealt with php team, and using $_SUPERGLOBALS. This is also true for $_FILES, that can't be tricked in the described way.


That *where* good security tips, but maybe a year or two ago..



..Not the kind of article i would expect from o'reilly..



zombie
1 to 2 of 2
1 to 2 of 2


Recommended for You