Tue, 25 Mar 2003 00:05:54 GMT
Ten Security Checks for PHP. 21 Mar 2003: On Lamp talks about ten security checks for PHP. “File uploads can suffer from a severe case of the untrusted global variables problem that is worth considering as an additional problem. When a file is uploaded, a PHP script is given a variable that provides the name of the temporary file where PHP saves the uploaded file. However, the user could construct a URL that sets this variable to a malicious value such as /etc/passwd and not upload a file.” [RootPrompt.org — Nothing but Unix]
gark, luckily i do file permissions right. nobody never reaches etc.
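
The upload problem quoted above, shown as the trusting handler beside a hardened one. This is an added example, not code from this post or from the quoted article; the field name "userfile", both function names and the destination directory are assumptions.

```php
<?php
// Added example. Field name "userfile" and $destDir are assumptions.

// Trusting pattern (register_globals = On): $userfile is filled in by a real
// upload, but equally by a request parameter of the same name when no file
// is sent, so the script would copy whatever path the variable holds.
function handle_upload_unsafe($userfile, $destDir)
{
    return copy($userfile, $destDir . '/upload.dat');
}

// Hardened pattern: read only from $_FILES and have PHP confirm that the
// temporary file was created by an HTTP POST upload in this request.
function handle_upload_safe(array $files, $field, $destDir)
{
    if (!isset($files[$field]) || !is_array($files[$field])) {
        return false;                       // field missing or malformed
    }
    $f = $files[$field];
    // Reject multi-file arrays and any upload PHP flagged as failed.
    if (!isset($f['error'], $f['tmp_name']) || is_array($f['error'])
        || $f['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    // Core check: false for any path PHP did not itself write as an upload.
    if (!is_uploaded_file($f['tmp_name'])) {
        return false;
    }
    // Server-chosen file name; the client-supplied name is never used.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.upload';
    // move_uploaded_file() repeats the is_uploaded_file() check internally.
    return move_uploaded_file($f['tmp_name'], $target) ? $target : false;
}

// Constructed input: a forged entry naming a system file instead of an upload.
$forged = array('userfile' => array(
    'name' => 'x', 'size' => 1,
    'tmp_name' => '/etc/passwd', 'error' => UPLOAD_ERR_OK,
));
var_dump(handle_upload_safe($forged, 'userfile', sys_get_temp_dir()));
```

With register_globals off and the handler reading only `$_FILES`, the path is no longer something a URL parameter can set; `is_uploaded_file()` covers the case where the array itself is not trusted.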