Merlin wrote:
I am wondering if I am opening a potential security risk by
including files on remote servers. I am doing an include
('http:/www.server.com/file.html') inside a php script of mine
to seperate content from function. Content is produced by a friend of
mine and
I do not want to grant access to my server to him.
Yes, your friend (or anyone who compromises his server, who may very
well *not* be friendly :) can output any PHP code he likes from that
URL, and your server will execute it.
Not Good(tm).
You could do:
| echo file_get_contents( 'http://www.server.com/file.html' );
but only if you really trust his server to never get compromised, as
that would allow an attacker to replace content on your website with
anything they liked.
Jasper
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
