[nycphp-talk] server-writable php files (was: using PHP to create a php file)
Ken Robinson
kenrbnsn at rbnsn.com
Fri Jun 9 17:01:18 EDT 2006
At 04:51 PM 6/9/2006, Allen Shaw wrote:
>1. Create the file
>2. store md5 checksum of in database
>3. compare stored checksum and actual file checksum anytime before
>running the file later.
>
>No?
That might be fine for files you create, but what is going to stop a
malicious person who finds the directory, put his own scripts into
it, and causes havoc to your server or the web and you won't even
know he's there until too late.
Ken
More information about the talk
mailing list