Implicit Evaluation with PHP Archives: Security
15 March 2007
Comparing monolithic controllers with task-based controllers
While learning to program with MVCs, design questions like “what should be covered in a given controller” and “how many controllers do I need?” arise. After reading this, you’ll learn how to determine the answers to questions like those.
28 October 2006
Eval in a Sandbox
You might call me an outspoken critic of eval.
However, it can sometimes be a necessary evil. Even when eval is the only way to solve a problem, it’s still a security concern. Therefore, I’d like to present a well-to-do way to call eval. It can still let perpetrators call system("rm -rf /") but it does […]
1 August 2006
PHP Server Security
I was reading Rasmus’s famous OOP/Procedural [MVC]* Article and came across this tidbit.
My standard production server Apache config always has:
<Files *.inc>
deny from all
</Files>
Naming them .php instead and letting people browse them directly can be a much bigger problem since they are now being executed out of context. So you need to either put your include […]