|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 54
Members: 0
Total: 54
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Require() |
|
Posted: Thu Dec 18, 2008 9:47 pm |
|
|
-AO- |
Advanced user |
|
|
Joined: Jul 15, 2008 |
Posts: 205 |
Location: United States |
|
|
|
|
|
|
If a site is require() something from another site (same owner).
Code: | require('site2.com/index.php') |
can I require a configuration file from site2.com? I'm hoping that this is set up in .htaccess of accepted ips to require from. |
|
|
|
|
Posted: Fri Dec 19, 2008 5:12 am |
|
|
mge |
Valuable expert |
|
|
Joined: Jul 16, 2008 |
Posts: 142 |
|
|
|
|
|
|
|
unless you make that configuration site world-readable via HTTP (meaning you could display its contents in the web browser) which of course isn't a good idea it won't work.
i strongly suggest setting up individual settings. if it's both on the same hard drive, just adjust the path settings.
if you really need to remote include a configuration file, i'd forbid any other ip's access by .htaccess like you already said, plus i'd encrypt the data somehow and probably build a caching mechanism (if it is practicable for you, maybe only as a fallback) |
|
|
|
|
www.waraxe.us Forum Index -> Shell commands injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|