[thelist] PHP template code security sufficient?
Jeffrey Barke
jeffrey.barke at themechanism.com
Tue May 15 16:58:42 CDT 2007
I only skimmed the article, but it doesn't appear to touch on
security at all, Peter. The code fragment you sent the list will only
insert the contents of an HTML page [$page is a variable] between the
<div> tags. If you're looking for security, try:
PHP Login System with Admin Features
http://evolt.org/node/60384
Jeffrey
--
Cheers.
Jeffrey Barke
jeffery.barke at theMechanism.com
Lead Developer, US
theMechanism - New York City
440 9th Avenue, 8th Floor
New York, NY 10001-1631
t: +1 212.404.3150
c: +1 917.941.1232
f: +1 212.404.3228
http://www.theMechanism.com
Subscribe to theMechcast, our monthly Podcast:
http://feeds.feedburner.com/theMechcast
theMechanism - London
3rd Floor
405 The Strand
London E14 9FW
United Kingdom
t: +44 (0)20 7240 4942
f: +44 (0)20 7240 2262
--
The information contained in this Electronic mail message is attorney
privileged and confidential information intended only for the use of
the individual or entity named above. Such information also is
intended to be privileged, confidential, and exempt from disclosure
under applicable law. If the reader of this message is not the
intended recipient or the employee or agent responsible to deliver it
to the intended recipient, you are hereby notified that any
dissemination, distribution, or copying of this communication is
strictly prohibited. If you have received this communication in
error, please notify us immediately by telephone.
Blah, blah, blah...
--
On May 15, 2007, at 5:34 PM, P Chen wrote:
> I was reading an old tutorial on A List Apart regarding building a PHP
> template-based site using the following code to insert page-specific
> content, but wasn't sure if this was sufficient in terms of security. I
> don't know much about PHP security, so I'm hoping someone can shed light
> on this piece of code, what it's vulnerable to, etc...
>
> http://alistapart.com/articles/phpcms/
>
> <div class="body">
> <?php @ require_once ("$page.html"); ?>
> </div>
>
> Thanks,
> Peter
>
> --
>
> * * Please support the community that supports you. * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
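
An added example, not part of the thread or the A List Apart article: one way to constrain `$page` before it reaches the include, assuming `$page` is filled from a request parameter (the thread does not say where it comes from). With `require_once ("$page.html")`, whoever controls `$page` chooses which file PHP loads and executes; the directory and page names below are hypothetical.

```php
<?php
// Added example; not code from the thread or the tutorial it discusses.
// Assumption: the page name arrives from the request, e.g. $_GET['page'].

const CONTENT_DIR = __DIR__ . '/content';      // hypothetical content directory
const PAGES = ['home', 'about', 'contact'];    // hypothetical list of valid pages

/**
 * Map a requested page name to a file path, or null if it is not allowed.
 */
function resolve_page($requested): ?string
{
    // ?page[]=x yields an array; anything that is not a string is rejected.
    if (!is_string($requested)) {
        return null;
    }
    // Strict match against a fixed list. Nothing is pattern-matched or
    // "cleaned", so separators, dots, NUL bytes and URL schemes never pass.
    if (!in_array($requested, PAGES, true)) {
        return null;
    }
    return CONTENT_DIR . '/' . $requested . '.html';
}

/**
 * Return the HTML for the body <div>, or a 404 fragment.
 */
function render_body($requested): string
{
    $path = resolve_page($requested);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        return '<p>Page not found.</p>';
    }
    // Static HTML is read as data. require_once would also execute any
    // PHP inside the file, and the @ operator would hide its errors.
    return file_get_contents($path);
}

// In the template: <?php echo render_body($_GET['page'] ?? 'home'); ?>

// Constructed inputs showing which values the check accepts.
foreach (['about', '../config', 'about.html', ['x'], 'http://example.test/x'] as $in) {
    $shown = json_encode($in, JSON_UNESCAPED_SLASHES);
    printf("%-26s => %s\n", $shown, resolve_page($in) ?? 'rejected');
}
```

Only `about` resolves to a path; every other constructed input is rejected before any filesystem call is made.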