News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

DZone.com:
Hardening PHP How to securely include remote code (part 1)
June 10, 2011 @ 10:28:26

On the PHP on Windows blog from DZone.com Krzysztof Kotowicz has a new post - part one in a series on securing your PHP application - a look at securely including remote code from a source outside of your application.

First post of the series discussing various methods of including remote PHP code in your application - from security standpoint. In this post we discuss the history of remote code execution vulnerabilities in PHP apps and ways to prevent them. We finish off by presenting an unsecure method of including a remote code and describe what is the problem with that method.

He looks at the insecurity of a standard include/require, the allow_url_include php.ini setting and the issues with using hardcoded locations (like incorrect DNS records pointing to the wrong host).

1 comment voice your opinion now!
harden application include remote code security


blog comments powered by Disqus

Similar Posts

FrSIRT: Vivvo Article Management CMS SQL Injection and PHP File Inclusion Vulnerabilities

PHP.net: PHP 5.3.11 And PHP 5.4.1 Released!

PRADO Watch Blog: PRADO Watch: Interview With Timani Tunduwani - Why I Moved From CakePHP to PRADO

PHP Security Blog: Why I don\'t fear the Zend Framework

Codeacy Blog: Your Greatest Code Quality Threats and How to Solve Them


Community Events





Don't see your event here?
Let us know!


series tool symfony opinion composer version framework laravel podcast release language interview security conference community voicesoftheelephpant introduction list library artisanfiles

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework