
Thread: PHP Scriptonite - attacking/securing PHP

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by PuReExcTacy
    We're not talking about system patching, that's a whole new issue altogether. Register globals is also another thread. Basically, my thread is pointing things that you can do to secure your php installation. I didn't get broken into thank god, but I wanted to share the reason why. Weak input validation was the original vulnerability being discussed, not register globals. Thanks for your comment though.
    My point was more that maybe your example could be a real valid dangerous one, not one created fictitiously. If people can learn from it anyway, it's only good.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  2. #12
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Originally posted here by slarty
    show_source only shows the source code if it's called. In practice, no application ever calls show_source. So where's the danger?
    I already explained the danger above. I look at functions and classes like services on the OS. If I know I'm not going to ever be using the service, I disable it. That's the basic principle.

    If I came to need the function, then removing it from the list only takes a second, and it helps keep the environment safer. A perfect example of this concept is file system functions. Why would I make them available if I were not going to be using them? Again, this concept is for a production environment, not dev.


    PuRe
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com
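
The "disable what you never call" approach from post #12, as an added example that is not code from either poster: it checks which candidate functions an application really calls and prints a `disable_functions` line for the rest. The candidate list, the `calledFunctions` helper and the sample source are assumptions made for illustration.

```php
<?php
// Candidate list is an assumption: show_source comes from the thread (it is an
// alias of highlight_file, so both are listed); the file system picks are illustrative.
$candidates = ['show_source', 'highlight_file', 'unlink', 'rename', 'fopen'];

// Constructed sample application source (stands in for the real code base).
$source = <<<'PHP'
<?php
$fh = fopen('/var/app/data/report.csv', 'r');
$report->rename('weekly');        // method call, not the rename() function
// unlink($tmp);                  // commented out, never executed
echo "show_source is not called here";
PHP;

/** Return the candidate functions that $code calls as plain functions. */
function calledFunctions(string $code, array $candidates): array
{
    // Drop whitespace and comments so each token's neighbours are meaningful.
    $tokens = array_values(array_filter(token_get_all($code), function ($t) {
        return !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
    }));
    $used = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || $t[0] !== T_STRING) continue;
        $name = strtolower($t[1]);   // PHP function names are case-insensitive
        $prev = $tokens[$i - 1] ?? null;
        $next = $tokens[$i + 1] ?? null;
        // Skip method calls, static calls, declarations and constructors.
        $isMember = is_array($prev)
            && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW], true);
        if ($next === '(' && !$isMember && in_array($name, $candidates, true)) {
            $used[$name] = true;
        }
    }
    return array_keys($used);
}

$used    = calledFunctions($source, $candidates);
$disable = array_values(array_diff($candidates, $used));
$already = array_map('trim', explode(',', (string) ini_get('disable_functions')));

echo "Called by the application (keep enabled): ", implode(', ', $used), "\n";
echo "disable_functions = ", implode(',', $disable), "\n";
echo "Not yet disabled in this runtime: ", implode(', ', array_diff($disable, $already)), "\n";
```

Dynamic calls (`$f()`, `call_user_func`) and namespace-qualified names such as `\fopen()` are not detected by this scan, so review those by hand before moving a function into the production `php.ini`.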
