By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,402 Members | 1,621 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,402 IT Pros & Developers. It's quick & easy.

PHP Environment strings and security question

P: n/a
I have a few questions about PHP and environment strings, specifically

I am trying to get a clear understand on what these values should be when
created by a web server script mapping implementation (in this case, our
Wildcat! Web Server).

By example, if the URL are:


public vs private refers to authentication requiired by web server (enforced
by the web
server based on the folder).

The engine is defined by the script map table, for example:

Extension: .PHP
Engine: d:/php4/php.exe

What would be the PATH_INFO and PATH_TRANSLATED with or without arguments?

I'm asking because it seems to me, from a CGI standard, a PHP call would
look like, for example:



PATH_TRANSLATED=c:\webserver\public_folder\testscr ipt.php?arguments

Is this correct?

Finally, in terms of authentication and security, it is a good idea not to
expose the
direct physical path information to this script? or is this a red-herring
in the sense that any possible malicious script already loaded/installed on
the server has already got into the door?

Thanks in advance

-- hector

Jul 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.