
PHP Discovery Blog:
Dangers of Remote Execution
November 21, 2007 @ 13:48:00

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could affect their sites and of the common entry points it can use.

PHP has numerous ways to execute raw PHP code unless you, the programmer, stop it. The best way of preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker, cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in your application for would-be exploits: preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.
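
The four entry points listed above, shown as hardened patterns in an added example that is not from the original post or the book. Function names, the page allowlist and the sample inputs are hypothetical, and the remark on the `/e` modifier comes from PHP's own release history rather than from this page.

```php
<?php
// Added example: hypothetical helpers, constructed inputs.
// require/include: map user input onto a fixed allowlist, never onto a path.
function resolve_page(string $requested): string
{
    $pages = ['home' => 'home.php', 'about' => 'about.php']; // constructed allowlist
    if (!array_key_exists($requested, $pages)) {
        throw new InvalidArgumentException('unknown page');
    }
    return __DIR__ . '/pages/' . $pages[$requested];
}

// shell_exec/exec: validate the value, then quote it as a single argument.
function ping_command(string $host): string
{
    if (filter_var($host, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    return 'ping -c 1 ' . escapeshellarg($host);
}

// preg_replace: the /e modifier ran the replacement as PHP code (deprecated 5.5, removed 7.0).
function upper_tags(string $text): string
{
    return preg_replace_callback(
        '/\[b\](.*?)\[\/b\]/s',
        fn(array $m): string => strtoupper($m[1]), // the match stays data
        $text
    );
}

// eval: replace "evaluate what the user sent" with a fixed dispatch table.
function calculate(string $op, float $a, float $b): float
{
    $ops = [
        'add' => fn($x, $y) => $x + $y,
        'mul' => fn($x, $y) => $x * $y,
    ];
    if (!isset($ops[$op])) {
        throw new InvalidArgumentException('unsupported operation');
    }
    return $ops[$op]($a, $b);
}

// Constructed inputs exercising three of the helpers.
echo ping_command('192.0.2.10'), "\n";
echo upper_tags('a [b]bold[/b] word'), "\n";
echo calculate('mul', 6, 7), "\n";
```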


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework