Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

include thing

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

include thing

Postby Virtuoso » Mon Sep 01, 2003 8:56 am

is it possible to include a php file from another server?

ex:

url = "www.nowhere.com"
page:
include ('http://www.somewhere.com/variables.php');
echo $username;
echo $password;
User avatar
Virtuoso
php-forum Active User
php-forum Active User
 
Posts: 268
Joined: Mon Jul 21, 2003 7:05 am

Postby toweter » Mon Sep 01, 2003 9:20 am

no, if you include a file from another server,
you can see only the parsed result,
you can't access to the variables (that were a big security-risk...)
toweter
New php-forum User
New php-forum User
 
Posts: 26
Joined: Sat Aug 30, 2003 9:04 am

Postby swirlee » Mon Sep 01, 2003 9:27 am

This isn't a security question. Please post in the "mySQL & php coding" area next time.
User avatar
swirlee
Moderator
Moderator
 
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back

Postby toweter » Mon Sep 01, 2003 9:31 am

i think it is a security-risk,
if somebody were be able to access the variables (like password or usernames)...
toweter
New php-forum User
New php-forum User
 
Posts: 26
Joined: Sat Aug 30, 2003 9:04 am

Postby sigix » Tue Sep 02, 2003 1:15 am

passwd and other imp files are always place out the web directoy folders :arrow:
sigix
php-forum Active User
php-forum Active User
 
Posts: 364
Joined: Mon Jul 14, 2003 9:39 pm
Location: /Earth/Xion

Postby Oleg Butuzov » Tue Sep 02, 2003 1:26 am

toweter wrote:i think it is a security-risk,
if somebody were be able to access the variables (like password or usernames)...


hm... security?
i dint try that thing but please read comment of junk123 at cscoders dot com
http://ua.php.net/manual/ru/function.include.php

One of the previous posts mentioned that you cannot have a return value from a URI included file. This is not exactly true. What you can do is this:

myfile.php
<?
include ('http://www.abc.com/second.php');
echo $var_I_want_to_see;
?>
second.php
<?
echo '<?$var_I_want_to_see = "I can see it";?>';
?>
and the page will output
I can see it


i didnt try that, but IMHO this wouldnt be works.
Oleg Butuzov
Last Samuray
Last Samuray
 
Posts: 831
Joined: Sun Jun 02, 2002 3:09 am

Postby toweter » Tue Sep 02, 2003 2:00 am

perhaps i have written it false...
i have meant if this were possible it were a securityrisk,
that can't work, you see here...
toweter
New php-forum User
New php-forum User
 
Posts: 26
Joined: Sat Aug 30, 2003 9:04 am


Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.