include thing

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

Virtuoso
php-forum Active User
Posts: 268
Joined: Mon Jul 21, 2003 7:05 am

Postby Virtuoso » Mon Sep 01, 2003 8:56 am

Is it possible to include a PHP file from another server?

ex:

url = "www.nowhere.com"
page:
include ('http://www.somewhere.com/variables.php');
echo $username;
echo $password;

toweter
New php-forum User
Posts: 26
Joined: Sat Aug 30, 2003 9:04 am

Postby toweter » Mon Sep 01, 2003 9:20 am

No, if you include a file from another server,
you can see only the parsed result;
you can't access the variables (that would be a big security risk...)

swirlee
Moderator
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back

Postby swirlee » Mon Sep 01, 2003 9:27 am

This isn't a security question. Please post in the "mySQL & php coding" area next time.

toweter
New php-forum User
Posts: 26
Joined: Sat Aug 30, 2003 9:04 am

Postby toweter » Mon Sep 01, 2003 9:31 am

I think it is a security risk,
if somebody were able to access the variables (like passwords or usernames)...

sigix
php-forum Active User
Posts: 364
Joined: Mon Jul 14, 2003 9:39 pm
Location: /Earth/Xion

Postby sigix » Tue Sep 02, 2003 1:15 am

passwd and other important files are always placed outside the web directory folders

Oleg Butuzov
Last Samuray
Posts: 831
Joined: Sun Jun 02, 2002 3:09 am

Postby Oleg Butuzov » Tue Sep 02, 2003 1:26 am

toweter wrote: I think it is a security risk,
if somebody were able to access the variables (like passwords or usernames)...


Hm... security?
I didn't try that thing, but please read the comment of junk123 at cscoders dot com
http://ua.php.net/manual/ru/function.include.php

One of the previous posts mentioned that you cannot have a return value from a URI included file. This is not exactly true. What you can do is this:

myfile.php
<?
include ('http://www.abc.com/second.php');
echo $var_I_want_to_see;
?>
second.php
<?
echo '<?$var_I_want_to_see = "I can see it";?>';
?>
and the page will output
I can see it


I didn't try that, but IMHO this wouldn't work.

toweter
New php-forum User
Posts: 26
Joined: Sat Aug 30, 2003 9:04 am

Postby toweter » Tue Sep 02, 2003 2:00 am

Perhaps I wrote it wrong...
I meant that if this were possible it would be a security risk;
that can't work, you see here...
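
An added example, not part of the thread and not code from any poster: the php.net comment quoted above describes the including server running as PHP whatever the remote URL returns, so a code review should locate every include/require that takes a URL literal or a variable. The sketch below does that with PHP's tokenizer and prints the two ini settings that govern URL includes; find_risky_includes() and the sample source are hypothetical and constructed for illustration, and allow_url_include exists only in PHP 5.2 and later.

```php
<?php
// Added example, not code from the thread. find_risky_includes() and $sample are
// hypothetical names; $sample is constructed from the snippet in the first post.
$sample = <<<'SRC'
<?php
include ('http://www.somewhere.com/variables.php');
require_once 'config/local.php';
include $page . '.php';
SRC;

// Return [line, reason] for every include/require whose argument is a remote
// URL literal or is built from a variable.
function find_risky_includes(string $source): array
{
    $includeIds = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
    $tokens = token_get_all($source);
    $count = count($tokens);
    $findings = [];
    for ($i = 0; $i < $count; $i++) {
        if (!is_array($tokens[$i]) || !in_array($tokens[$i][0], $includeIds, true)) {
            continue;
        }
        $remote = $dynamic = false;
        // Walk the argument expression up to the terminating semicolon.
        for ($j = $i + 1; $j < $count && $tokens[$j] !== ';'; $j++) {
            $t = $tokens[$j];
            if (is_array($t) && $t[0] === T_CONSTANT_ENCAPSED_STRING
                && preg_match('#^[\'"](https?|ftp)://#i', $t[1])) {
                $remote = true;   // string literal that starts with a URL scheme
            } elseif (is_array($t) && $t[0] === T_VARIABLE) {
                $dynamic = true;  // path depends on a runtime value
            }
        }
        if ($remote || $dynamic) {
            $reason = $remote ? 'remote URL include' : 'variable in include path';
            $findings[] = [$tokens[$i][2], $reason];
        }
    }
    return $findings;
}

foreach (find_risky_includes($sample) as [$line, $why]) {
    echo "line $line: $why\n";
}
// The ini settings that decide whether a URL include is allowed at all.
foreach (['allow_url_fopen', 'allow_url_include'] as $key) {
    echo $key, ' = ', var_export(ini_get($key), true), "\n";
}
```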

