Hi there,
I am wondering if I am opening a potential security risk by
including files on remote servers. I am doing an include
('http:/www.server.com/file.html') inside a php script of mine
to seperate content from function. Content is produced by a friend of mine and
I do not want to grant access to my server to him.
If including <? phpinfo(); ?> into his file, I do get the info of php and
I believe it is the phpinfo of my server. Also I am not quit sure.
That lets me believe that he could write now any php code which would be
ececuted on my server. Is that right? And if yes, what can I do against it?
Merlin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
