| View previous topic :: View next topic |
| Author |
Message |
RTAdams89
-
Joined: 06 Nov 2005
Posts: 102
|
 Posted: Thu Dec 22, 2005 7:31 pm Post subject: PHP Security |
 |
|
| I try to check all my scripts for potential vulnerabilities, but there is still a chance of one slipping through. The must common one seams to be inputs which aren't validated allowing the site visitor to run a command. Is there an program I can run on my windows box to watch for suspicious commands and block them? For example, if it sees "del c:\*.*" it would recognize that as something which should not be run and automatically block it. |
|
| Back to top |
  |
 |
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Thu Dec 22, 2005 7:34 pm Post subject: |
|
|
Setting PHP to safemode is the best way to avoid this but it can cause problems to scripts that rely on commands that are deactivated when in safe mode.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
 |
|
RTAdams89
-
Joined: 06 Nov 2005
Posts: 102
|
| Posted: Thu Dec 22, 2005 8:10 pm Post subject: |
|
|
| Yeah, safe mode won't work for me as some scripts need to use commands blocked in safe mode. Is there a way to limit the commands a script can use? |
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Thu Dec 22, 2005 8:22 pm Post subject: |
|
|
You can turn the extension off but then some of your other scripts might not work.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
|
