Re: Help with Security Have I coded this correctly? [message #182072 is a reply to message #182069] Wed, 03 July 2013 17:42
Timothy
On Tue, 02 Jul 2013 23:50:44 -0700, chirag sharma wrote:
> I have created an online PHP code executor at http://web.guru99.com

Wow! That site looks very neat!

> Though I have checked all security aspects … do you experts see any
> major flaw that I need to take care of?

I would only whitelist allowable patterns/functions. It is very plausible
to miss an attack/harmful function in a blacklist.

For example I could partially read your source code by running:
<?php
readfile("exec.php");
?>

I could not test your script reliably, because sometimes 'exec.php'
throws an Apache 403 Forbidden error.


Be sure to disable include/require and the *_once variant, because they
might include a remote script.


Timothy
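
The allowlist approach recommended in the reply above, as an added example that is not part of the original post or the site's code: a tokenizer-based pre-check that rejects include/require and any call to a function not explicitly listed. It assumes PHP 8.0+, and the names ALLOWED_FUNCTIONS, FORBIDDEN_CONSTRUCTS, NAME_TOKENS, SKIPPED_TOKENS and check_source() are hypothetical.

```php
<?php
// Added example (PHP 8.0+); every name defined here is hypothetical.
const ALLOWED_FUNCTIONS = ['strlen', 'strtoupper', 'str_repeat', 'count', 'implode'];
// Rejected outright: include/require and the *_once variants, eval, new, exit.
const FORBIDDEN_CONSTRUCTS = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE, T_EVAL, T_NEW, T_EXIT];
const NAME_TOKENS = [T_STRING, T_NAME_QUALIFIED, T_NAME_FULLY_QUALIFIED, T_NAME_RELATIVE];
const SKIPPED_TOKENS = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];

function check_source(string $code): array
{
    // Drop whitespace and comments so "readfile /**/ (" is still seen as a call.
    $tokens = array_values(array_filter(
        token_get_all($code),
        fn($t) => !is_array($t) || !in_array($t[0], SKIPPED_TOKENS, true)
    ));
    $errors = [];
    foreach ($tokens as $i => $tok) {
        $isCall = ($tokens[$i + 1] ?? null) === '(';
        if ($tok === '`') {
            $errors[] = 'backtick shell execution is not allowed';
        } elseif (!is_array($tok)) {
            // "(...)(", "$a[0](" or "${...}(": the callee is computed at run time.
            if ($isCall && in_array($tok, [')', ']', '}'], true)) {
                $errors[] = 'dynamic call is not allowed';
            }
        } elseif (in_array($tok[0], FORBIDDEN_CONSTRUCTS, true)) {
            $errors[] = "line {$tok[2]}: construct '{$tok[1]}' is not allowed";
        } elseif ($tok[0] === T_VARIABLE && $isCall) {
            $errors[] = "line {$tok[2]}: variable function call is not allowed";
        } elseif ($isCall && in_array($tok[0], NAME_TOKENS, true)) {
            $name = strtolower(ltrim($tok[1], '\\'));
            if (!in_array($name, ALLOWED_FUNCTIONS, true)) {
                $errors[] = "line {$tok[2]}: function '$name' is not on the allowlist";
            }
        }
    }
    return array_values(array_unique($errors));
}

// Constructed sample submissions; the first is the snippet from the post above.
$samples = [
    '<?php readfile("exec.php"); ?>',
    '<?php include "helper.php";',
    '<?php $f = "read" . "file"; $f("exec.php");',
    '<?php echo strtoupper(str_repeat("ok ", 2));',
];
foreach ($samples as $src) {
    echo $src, "\n  => ", implode('; ', check_source($src)) ?: 'accepted', "\n";
}
```

Because anything not named is refused, method calls and user-defined functions are rejected too unless added to the list, and the listed functions were chosen so that none accepts a callable argument.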