FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Help with Security
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Help with Security [message #171749] Mon, 30 September 2013 04:47 Go to next message
chirag sharma is currently offline  chirag sharma
Messages: 2
Registered: September 2013
Karma: 0
Junior Member
Hi
I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
Re: Help with Security [message #171750 is a reply to message #171749] Mon, 30 September 2013 05:00 Go to previous messageGo to next message
J.O. Aho is currently offline  J.O. Aho
Messages: 194
Registered: September 2010
Karma: 0
Senior Member
On 30/09/13 06:51, chirag sharma wrote:

Frist of all, do not multi post, if you want to ask the same question in
more than one relevant usergroup, then cross post.


> I have created an online PHP code executor at http://spam.example.com Although I have checked all security loopholes
> … do you experts see any major security leak that I need to care of?"

The question is anseverble if you post a location to the whole code. In
most cases the reviewer would most likely want something for the work.

--

//Aho
Re: Help with Security [message #173217 is a reply to message #171749] Mon, 30 September 2013 14:18 Go to previous messageGo to next message
Richard Yates is currently offline  Richard Yates
Messages: 86
Registered: September 2013
Karma: 0
Member
On Sun, 29 Sep 2013 21:47:47 -0700 (PDT), chirag sharma
<chiragsharma(dot)guru99(at)gmail(dot)com> wrote:

> Hi
> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"

<?php $d='7'; echo $d?>

yields: 'syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting
T_STRING'


<?php echo $d; ?>

yields: 'Notice: Undefined variable: d in
/home/code1/public_html/PHP/exec.php(69) : eval()'d code on line 1'

Do you really want such errors with the defined path displayed?
Re: Help with Security [message #182974 is a reply to message #171749] Mon, 30 September 2013 13:58 Go to previous messageGo to next message
Richard Yates is currently offline  Richard Yates
Messages: 86
Registered: September 2013
Karma: 0
Member
On Sun, 29 Sep 2013 21:47:47 -0700 (PDT), chirag sharma
<chiragsharma(dot)guru99(at)gmail(dot)com> wrote:

> Hi
> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"

Don't know about the security, but this hangs:

<?php
for($c=0;$c<=10;++$c)
echo $c;
?>
Re: Help with Security [message #182975 is a reply to message #171749] Mon, 30 September 2013 15:20 Go to previous messageGo to next message
Erwin Moller is currently offline  Erwin Moller
Messages: 228
Registered: September 2010
Karma: 0
Senior Member
On 9/30/2013 6:47 AM, chirag sharma wrote:
> Hi
> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
>

Right now it is very secure, as in unreachable. ;-)

Server not found: Firefox can't find the server at web.guru99.comalthough.

Regards,
Erwin Moller


--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
Re: Help with Security [message #182976 is a reply to message #173217] Mon, 30 September 2013 16:18 Go to previous messageGo to next message
Christoph Michael Bec is currently offline  Christoph Michael Bec
Messages: 207
Registered: June 2013
Karma: 0
Senior Member
Richard Yates wrotes:

> On Sun, 29 Sep 2013 21:47:47 -0700 (PDT), chirag sharma
> <chiragsharma(dot)guru99(at)gmail(dot)com> wrote:
>
>> Hi
>> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
>
> <?php $d='7'; echo $d?>
>
> yields: 'syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting
> T_STRING'

<?php $d="7"; echo $d;?> works, though.

> <?php echo $d; ?>
>
> yields: 'Notice: Undefined variable: d in
> /home/code1/public_html/PHP/exec.php(69) : eval()'d code on line 1'
>
> Do you really want such errors with the defined path displayed?

Indeed, that should be avoided, particularly as one can do, for instance:

<?php
$files = new DirectoryIterator(".");
foreach ($files as $file) {
echo $file;
}
?>

--
Christoph M. Becker
Re: Help with Security [message #182977 is a reply to message #182975] Mon, 30 September 2013 18:20 Go to previous message
Richard Yates is currently offline  Richard Yates
Messages: 86
Registered: September 2013
Karma: 0
Member
On Mon, 30 Sep 2013 17:20:47 +0200, Erwin Moller
<erwinmollerusenet(at)xs4all(dot)nl> wrote:

> On 9/30/2013 6:47 AM, chirag sharma wrote:
>> Hi
>> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
>>
>
> Right now it is very secure, as in unreachable. ;-)
>
> Server not found: Firefox can't find the server at web.guru99.comalthough.
>
Not his fault. Apparently all domains using the .comalthough extension
are down :)
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Host recommendations (slightly OT)
Next Topic: Shuffle problem
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 07:06:46 GMT 2024

Total time taken to generate the page: 0.02261 seconds