A lion in a cage - PHP
 A lion in a cage shouldn't be a danger - but release the lion from the cage and you could be at risk.
An include file that's pulled in by a PHP script shouldn't be a danger if it's used only from within that PHP script, but if it has its own URL then it could be released like the lion, and it could be a danger. If you're writing a PHP script that requires or includes files, please put the included files in a directory that has NOT got its own URL. You can do that by giving a path to the file in the include or require statements, or by using the preconfigured directory that's set up on your PHP installation.
Image from Hone's Everyday Book (written 2006-11-10, updated 2006-11-12)
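One way to check an existing site for include files that have escaped the cage, as an added example that is not code from the original article: it walks the document root and reports every include or require target that resolves to a file inside that root, and so has its own URL. The function name find_exposed_includes() and the default document root are assumptions, and only literal string paths are examined, resolved relative to the including script (an approximation of PHP's own lookup, which also consults include_path).

```php
<?php
// Added example: list include/require targets that sit inside the document
// root and are therefore reachable by URL. find_exposed_includes() is a
// hypothetical name. Only literal paths are checked; targets built from
// variables or constants such as __DIR__ are skipped.

function find_exposed_includes(string $docRoot): array
{
    $root = realpath($docRoot);
    if ($root === false) {
        throw new InvalidArgumentException("No such directory: $docRoot");
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // include / include_once / require / require_once followed by a quoted literal
    $pattern = '/\b(?:include|require)(?:_once)?\s*\(?\s*([\'"])([^\'"$]+)\1/i';
    $exposed = [];

    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $source = file_get_contents($file->getPathname());
        if ($source === false || !preg_match_all($pattern, $source, $m)) {
            continue;
        }
        foreach ($m[2] as $target) {
            // Absolute paths are used as given; relative ones are resolved
            // against the directory of the script that includes them.
            $candidate = ($target[0] === '/')
                ? $target
                : $file->getPath() . DIRECTORY_SEPARATOR . $target;
            $resolved = realpath($candidate);
            // A target whose real path starts with the document root has its own URL.
            if ($resolved !== false && strpos($resolved, $root) === 0) {
                $exposed[$resolved][] = $file->getPathname();
            }
        }
    }
    return $exposed;
}

$docRoot = $argv[1] ?? '/var/www/html';   // assumed document root
foreach (find_exposed_includes($docRoot) as $path => $users) {
    echo "$path has its own URL (included by " . implode(', ', array_unique($users)) . ")\n";
}
```

Any file it reports is a candidate for moving to a directory outside the document root, with the include or require statement updated to point at the new path.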
This is a page archived from The Horse's Mouth at
http://www.wellho.net/horse/ -
the diary and writings of Graham Ellis.
Every attempt was made to provide current information at the time the
page was written, but things do move forward in our business - new software
releases, price changes, new techniques. Please check back via
our main site for current courses,
prices, versions, etc - any mention of a price in "The Horse's Mouth"
cannot be taken as an offer to supply at that price.