Correct me if I'm wrong, but isn't this already available in the standard PHP? In the php.ini file, you can refuse the inclusion of url's : allow_url_fopen = Off I think also Hardened PHP offers additional similar protections. Markus On Wednesday 02 March 2005 08:57, Tom Z. Meinlschmidt wrote: > Hi, > > I've experienced a lot of attacks in my hosting server due to silly users > and their scripts with holes. So I prepared this little patch to 4.3.10, > which disables using url wrappers in > include/include_once/require/require_once statemens (switchable in > php.ini). See readme.security from patch > > patch is there: > > http://orin.meinlschmidt.org/~znouza/php_patch.txt > > comments are welcome > > /tom > > -- > =========================================================================== >==== Tomas Meinlschmidt, SBN3, MCT, MCP, MCP+I, MCSE, NetApp Filer & > NetCache gPG fp: CB78 76D9 210F 256A ADF4 0B02 BECA D462 66AB 6F56 / $ID: > 66AB6F56 GCS d-(?) s: a- C++ ULHISC*++++$ P+++>++++ L+++$>++++ E--- W+++$ > N++(+) !o !K w(---) !O !M V PS+ PE Y+ PGP++ t+@ !5 X? R tv b+ !DI D+ G > e>+++ h---- r+++ z+++@ > =========================================================================== >==== -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
