liicis Posted February 15, 2006
I have an idea to set up my own server for hosting sites, so I would like to know which functions PHP should be forbidden to use? So that, in case someone hosted on it puts up a site with bugs, it would not be possible (or there would be less chance) to obtain information about other sites, their content, or the server's own passwords, etc.? I once came across a good article, but I lost the link to it, maybe someone can share it? It was about the functions that are most often used to break into a server by finding problems in some website.
andrisp Posted February 15, 2006
Well, you should probably start with exec() :)
v3rb0 Posted February 15, 2006
You also need to disable allow-url-fopen (and enable it only on request for domains A, B and C), to protect yourself against some sloppy script being able to include something from some bad hacker's server.
Kristabs Posted February 15, 2006
> So that, in case someone hosted on it puts up a site with bugs, it would not be possible (or there would be less chance) to obtain information about other sites, their content, or the server's own passwords, etc.?
jail, chroot
Klez Posted February 15, 2006
safe mode ON, open base dir with each one getting their own www dir :) that will already be secure :)
GedroX Posted February 17, 2006
Eval() definitely has to be removed.
Robis Posted February 17, 2006
print(), echo() and include() definitely have to be removed too;
bubu Posted February 17, 2006
Robis: and printf() and require() don't have to be removed?
Kaitnieks Posted February 18, 2006
> Robis: and printf() and require() don't have to be removed?
No, those are safe :P
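
An added example, not part of any post in this thread: a small Python audit of a php.ini for the settings suggested above (exec() disabled, allow_url_fopen off, open_basedir set). The command-execution functions other than exec(), the sample ini text and the placeholder path are assumptions of this example; it also flags entries such as eval, which are language constructs that disable_functions cannot switch off.

```python
# Added example: audit php.ini text against the settings named in this thread.
# exec() comes from the thread; the other five functions are this example's assumption.
EXEC_FUNCTIONS = ("exec", "system", "passthru", "shell_exec", "popen", "proc_open")
# Language constructs, not functions: disable_functions cannot switch them off.
CONSTRUCTS = {"eval", "echo", "print", "include", "include_once",
              "require", "require_once"}
ON = {"1", "on", "true", "yes"}

def parse_ini(text):
    """Return {directive: value}. Assumes values contain no ';' character."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line or line.startswith("["):
            continue  # blank line, comment or [section] header
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_ini(text)
    findings = []
    disabled = {f.strip().lower()
                for f in s.get("disable_functions", "").split(",") if f.strip()}
    for fn in EXEC_FUNCTIONS:
        if fn not in disabled:
            findings.append(f"{fn}() is not in disable_functions")
    for name in sorted(disabled & CONSTRUCTS):
        findings.append(f"{name} is a language construct; disable_functions has no effect on it")
    # PHP's built-in default is On, so a missing directive counts as On.
    if s.get("allow_url_fopen", "1").lower() in ON:
        findings.append("allow_url_fopen is On")
    # Global value only; a per-site value is normally set in each vhost's configuration.
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings

# Constructed sample inputs (not taken from any real server).
WEAK_INI = "[PHP]\n; constructed sample\ndisable_functions = eval, print\nallow_url_fopen = On\n"
HARDENED_INI = ("[PHP]\n"
                "disable_functions = exec,system,passthru,shell_exec,popen,proc_open\n"
                "allow_url_fopen = Off\n"
                'open_basedir = "/var/www/placeholder-site/"\n')

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(ini))
```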