[PHP] Security issues?
From: Lauri Vain (optima <email protected>)
Date: 11/15/00

Hello,
What is a bad thing to miss (that could become a security issue) while writing
some PHP/SQL code?

I figure that I shouldn't put my config.inc.php (containing SQL passes) files in
a publicly readable dir because people could use include() to get the
password.
The fix? Putting config.inc.php files outside of the web tree? Using a .htaccess
file in the .in dir?

Will PHP execute the PHP/SQL code inserted in text boxes? I've heard it does.
Will it be fixed when I use just addslashes(), or will I need to use
something more? How about escapeshellcmd(), should I use this too?

Does anybody know more about writing "secure" PHP scripts?

Yours,
Lauri

-- 
PHP General Mailing List (http://www.php.net/)