NYCPHP Meetup

[nycphp-talk] server-writable php files (was: using PHP to create a php file)

Ken Robinson kenrbnsn at rbnsn.com
Fri Jun 9 17:01:18 EDT 2006


At 04:51 PM 6/9/2006, Allen Shaw wrote:
>1. Create the file
>2. store md5 checksum of in database
>3. compare stored checksum and actual file checksum anytime before
>running the file later.
>
>No?

That might be fine for files you create, but what is going to stop a 
malicious person who finds the directory, put his own scripts into 
it, and causes havoc to your server or the web and you won't even 
know he's there until too late.

Ken 




More information about the talk mailing list