Re: Help with Security [message #171750 is a reply to message #171749]
Mon, 30 September 2013 05:00
J.O. Aho
On 30/09/13 06:51, chirag sharma wrote:
First of all, do not multi post, if you want to ask the same question in
more than one relevant usergroup, then cross post.
> I have created an online PHP code executor at http://spam.example.com Although I have checked all security loopholes
> … do you experts see any major security leak that I need to care of?"
The question is answerable if you post a location to the whole code. In
most cases the reviewer would most likely want something for the work.
--
//Aho

Re: Help with Security [message #173217 is a reply to message #171749]
Mon, 30 September 2013 14:18
Richard Yates
On Sun, 29 Sep 2013 21:47:47 -0700 (PDT), chirag sharma
<chiragsharma(dot)guru99(at)gmail(dot)com> wrote:
> Hi
> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
<?php $d='7'; echo $d?>
yields: 'syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting
T_STRING'
<?php echo $d; ?>
yields: 'Notice: Undefined variable: d in
/home/code1/public_html/PHP/exec.php(69) : eval()'d code on line 1'
Do you really want such errors with the defined path displayed?

Re: Help with Security [message #182975 is a reply to message #171749]
Mon, 30 September 2013 15:20
Erwin Moller
On 9/30/2013 6:47 AM, chirag sharma wrote:
> Hi
> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
>
Right now it is very secure, as in unreachable. ;-)
Server not found: Firefox can't find the server at web.guru99.comalthough.
Regards,
Erwin Moller
--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens

Re: Help with Security [message #182976 is a reply to message #173217]
Mon, 30 September 2013 16:18
Christoph Michael Bec
Richard Yates wrote:
> On Sun, 29 Sep 2013 21:47:47 -0700 (PDT), chirag sharma
> <chiragsharma(dot)guru99(at)gmail(dot)com> wrote:
>
>> Hi
>> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
>
> <?php $d='7'; echo $d?>
>
> yields: 'syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting
> T_STRING'
<?php $d="7"; echo $d;?> works, though.
> <?php echo $d; ?>
>
> yields: 'Notice: Undefined variable: d in
> /home/code1/public_html/PHP/exec.php(69) : eval()'d code on line 1'
>
> Do you really want such errors with the defined path displayed?
Indeed, that should be avoided, particularly as one can do, for instance:
<?php
$files = new DirectoryIterator(".");
foreach ($files as $file) {
    echo $file;
}
?>
--
Christoph M. Becker
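
Added example, not part of the thread and not the site's code: one way to keep the "exec.php(69) : eval()'d code" location out of what the submitter sees while still reporting the error, as the two posts above recommend. The names scrub and run_submitted and the log format are assumptions; it assumes PHP 7 or later, where eval() parse errors are thrown as ParseError.

```php
<?php
declare(strict_types=1);

// Fatal errors that bypass the handler below must not be printed either.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Hypothetical helper: hide this application's directory inside a message.
function scrub(string $msg): string
{
    return str_replace(__DIR__, '[app]', $msg);
}

// Hypothetical wrapper around the eval() call an online executor makes.
function run_submitted(string $code): array
{
    $messages = [];
    set_error_handler(
        function (int $no, string $str, string $file, int $line) use (&$messages): bool {
            // Full detail, including the eval()'d code location, stays in the log.
            error_log("executor: [$no] $str in $file:$line");
            // The user gets the message and the line within their own code only.
            $messages[] = scrub($str) . " on line $line";
            return true; // suppress PHP's default output, which names the file
        }
    );
    ob_start();
    try {
        // The leading close tag lets the submission start with its own open tag.
        eval('?>' . $code);
    } catch (Throwable $e) { // ParseError and other Errors are thrown, not reported
        error_log('executor: ' . $e);
        $messages[] = get_class($e) . ': ' . scrub($e->getMessage())
            . ' on line ' . $e->getLine();
    } finally {
        $output = (string) ob_get_clean();
        restore_error_handler();
    }
    return ['output' => $output, 'messages' => $messages];
}

// Sample input: the first snippet is from the thread, the second is constructed.
foreach (['<?php echo $d; ?>', '<?php echo 1 +; ?>'] as $snippet) {
    print_r(run_submitted($snippet));
}
```

This addresses only the path disclosure; the DirectoryIterator listing shown above still works unless the interpreter itself is confined, for example with open_basedir or OS-level isolation.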

Re: Help with Security [message #182977 is a reply to message #182975]
Mon, 30 September 2013 18:20
Richard Yates
On Mon, 30 Sep 2013 17:20:47 +0200, Erwin Moller
<erwinmollerusenet(at)xs4all(dot)nl> wrote:
> On 9/30/2013 6:47 AM, chirag sharma wrote:
>> Hi
>> I have created an online PHP code executor at http://web.guru99.comAlthough I have checked all security loopholes … do you experts see any major security leak that I need to care of?"
>>
>
> Right now it is very secure, as in unreachable. ;-)
>
> Server not found: Firefox can't find the server at web.guru99.comalthough.
>
Not his fault. Apparently all domains using the .comalthough extension
are down :)