For 2023 (and 2024 ...) - we are now fully retired from IT training. We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.
Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!
I am also active in many other area and still look after a lot of web sites - you can find an index ((here)) |
A lion in a cage - PHP
 A lion in a cage shouldn't be a danger - but release the lion from the cage and you could be at risk.
An include file that's pulled in by a PHP script shouldn't be a danger if it's used only from within that PHP script, but if it has its own URL the it could be released like the lion, and it could be a danger. If you're writing a PHP script that requires or includes files, please put the included files in a directory that's NOT got its own URL .... you can do it by giving a path to the file in the include or require statements, or by using the preconfigured directory that's set up on your PHP installation.
Image from Hone's Everyday Book (written 2006-11-10, updated 2006-11-12)
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles H117 - Security in PHP [345] Spotting a denial of service attack - (2005-06-12) [426] Robust checking of data entered by users - (2005-08-27) [947] What is an SQL injection attack? - (2006-11-27) [1052] Learning to write secure, maintainable PHP - (2007-01-25) [1086] Injection attacks - safeguard your PHP scripts - (2007-02-20) [1323] Easy handling of errors in PHP - (2007-08-27) [1387] Error logging to file not browser in PHP - (2007-10-11) [1396] Using PHP to upload images / Store on MySQL database - security questions - (2007-10-19) [1482] A story about benchmarking PHP - (2007-12-23) [1542] Are nasty programs looking for security holes on your server? - (2008-02-17) [1679] PHP - Sanitised application principles for security and useability - (2008-06-16) [1694] Defensive coding techniques in PHP? - (2008-07-02) [1747] Who is watching you? - (2008-08-10) [1779] Injection Attacks - avoiding them in your PHP - (2008-08-31) [2025] Injection Attack if register_globals in on - PHP - (2009-02-04) [2628] An example of an injection attack using Javascript - (2010-02-08) [2688] Security considerations in programming - what do we teach? - (2010-03-22) [2939] Protecting your images from use out of context - (2010-08-29) [3210] Catchable fatal error in PHP ... How to catch, and alternative solutions such as JSON - (2011-03-22) [3698] How to stop forms on other sites submitting to your scripts - (2012-04-15) [3747] An easy way to comply with the new cookie law if your site is well designed - (2012-06-02) [3813] Injection Attacks - PHP, SQL, HTML, Javascript - and how to neutralise them - (2012-07-22) [4642] A small teaching program - demonstration of principles only - (2016-02-08)
Some other Articles
The LAMP Cookbook - Linux, Apache, MySQL, PHP / PerlWhy shouldn't I spam?Staying at your own hotelFrench ExchangeA lion in a cage - PHPFreedom for X is denial of privacy for YDatabases needn't be frightening, hard or expensiveSyntax checking in PHPDriving customers awayPaging through hundreds of entries
|
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page
This is a page archived from The Horse's Mouth at
http://www.wellho.net/horse/ -
the diary and writings of Graham Ellis.
Every attempt was made to provide current information at the time the
page was written, but things do move forward in our business - new software
releases, price changes, new techniques. Please check back via
our main site for current courses,
prices, versions, etc - any mention of a price in "The Horse's Mouth"
cannot be taken as an offer to supply at that price.
Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
|
|