question about safe

MZ
Hello!

How can I prevent this kind of attack attempt on the website?

http://www.example.com/index.php?id=0?;print_r(glob('*'));echo%20%22

Thank you in advance for your help
M.
Jan 27 '08 #1
On Sun, 27 Jan 2008 20:30:14 +0100, MZ <ma**************@poczta.onet.pl> wrote:
> Hello!
>
> How can I prevent this kind of attack attempt on the website?
>
> http://www.example.com/index.php?id=0?;print_r(glob('*'));echo%20%22

By just not running/eval()ing arbitrary code from outside? You'd really
have to provide the mechanism for the hacker for this to work, it is not
an inherent vulnerability of PHP.
--
Rik Wasmus
Jan 27 '08 #2
MZ

User "Rik Wasmus" <lu************@hotmail.com> wrote in message
news:op***************@metallium.lan...
> On Sun, 27 Jan 2008 20:30:14 +0100, MZ <ma**************@poczta.onet.pl> wrote:
>> Hello!
>>
>> How can I prevent this kind of attack attempt on the website?
>>
>> http://www.example.com/index.php?id=0?;print_r(glob('*'));echo%20%22
>
> By just not running/eval()ing arbitrary code from outside? You'd really
> have to provide the mechanism for the hacker for this to work, it is not
> an inherent vulnerability of PHP.
> --
> Rik Wasmus

Hello Rik!

Sorry, English is not my native language.
Please explain this sentence to me in detail:

> By just not running/eval()ing arbitrary code from outside?

What do you mean by asking me that?

You said that it is not a weakness of PHP. Do you mean that PHP is
proof against such attacks?

Thank you, and sorry for such a question
M.

Jan 27 '08 #3
> User "Rik Wasmus" <lu************@hotmail.com> wrote in message
> news:op***************@metallium.lan...
>> On Sun, 27 Jan 2008 20:30:14 +0100, MZ <ma**************@poczta.onet.pl> wrote:
>>> Hello!
>>> How can I prevent this kind of attack attempt on the website?
>>> http://www.example.com/index.php?id=0?;print_r(glob('*'));echo%20%22
>> By just not running/eval()ing arbitrary code from outside? You'd really
>> have to provide the mechanism for the hacker for this to work, it is not
>> an inherent vulnerability of PHP.

On Sun, 27 Jan 2008 20:37:56 +0100, MZ <ma**************@poczta.onet.pl> wrote:
> Sorry, English is not my native language.
> Please explain this sentence to me in detail:
>> By just not running/eval()ing arbitrary code from outside?
> What do you mean by asking me that?
> You said that it is not a weakness of PHP. Do you mean that PHP is
> proof against such attacks?
> Thank you, and sorry for such a question

Yes, PHP will NOT execute code from the URL without you telling it to.
What you DO want to check for is SQL injection (google it).
--
Rik Wasmus
Jan 27 '08 #4
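
Added example, not part of the original thread or any poster's code: the `id` parameter from the URL in the question handled as data, with the SQL injection defence the last reply points to. `parse_id`, `find_page` and the `pages` table are hypothetical names; the script assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example (not from the thread). The request value is constructed from
// the URL in the question; function and table names are hypothetical.

// What index.php receives for ?id=0?;print_r(glob('*'));echo%20%22 once decoded.
$_GET['id'] = "0?;print_r(glob('*'));echo \"";

// Vulnerable pattern, shown for contrast and left commented out: request data
// reaches the interpreter only if the script itself passes it to eval()
// (or to include, assert, preg_replace with /e, and similar).
// eval('$id = ' . $_GET['id'] . ';');

// Hardened: treat the parameter as data and accept only a non-negative integer.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// SQL injection defence: bind the validated value instead of concatenating it.
function find_page(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT title FROM pages WHERE id = ?');
    $stmt->execute([$id]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages VALUES (0, 'Home'), (1, 'Contact')");

// Constructed inputs: the payload from the question, a valid id, an SQLi probe.
foreach ([$_GET['id'], '1', '1 OR 1=1'] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        // A real script would answer with HTTP 400 here.
        echo 'rejected: ' . var_export($raw, true) . "\n";
        continue;
    }
    echo "id $id -> " . var_export(find_page($db, $id), true) . "\n";
}
```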