By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,402 Members | 1,621 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,402 IT Pros & Developers. It's quick & easy.

PHP Environment strings and security question

P: n/a
I have a few questions about PHP and environment strings, specifically
PATH_INFO and PATH_TRANSLATED.

I am trying to get a clear understand on what these values should be when
created by a web server script mapping implementation (in this case, our
Wildcat! Web Server).

By example, if the URL are:

/public_folder/testscript.php?arguments
/private_folder/testscript.php?arguments

public vs private refers to authentication requiired by web server (enforced
by the web
server based on the folder).

The engine is defined by the script map table, for example:

Extension: .PHP
Engine: d:/php4/php.exe

What would be the PATH_INFO and PATH_TRANSLATED with or without arguments?

I'm asking because it seems to me, from a CGI standard, a PHP call would
look like, for example:

/CGI-BIN/php.exe/public_folder/testscript.php?arguments

Therefore

PATH_INFO=/public_folder/testscript.php?arguments
PATH_TRANSLATED=c:\webserver\public_folder\testscr ipt.php?arguments

Is this correct?

Finally, in terms of authentication and security, it is a good idea not to
expose the
direct physical path information to this script? or is this a red-herring
in the sense that any possible malicious script already loaded/installed on
the server has already got into the door?

Thanks in advance

-- hector

Jul 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.