Re: security include from remote server

On Wed, September 13, 2006 6:48 pm, Miguel Vaz wrote:
> I am doing a php+mysql website at my office, hosted locally but open
> to the web, but I wouldn't like to host my files on our office server.

You can use allow_url_fopen and then http://php.net/require (and
include) will be able to suck down PHP source from ANY place on the
Internet and execute it locally.

Of course, if you don't 100% TRUST that other place you are getting
the code from, you've got a major security hole.

And if you suspect people might want to attempt to hijack the
connection between the servers and feed you their own PHP instead of
your own, or even your own PHP *plus* their PHP (man-in-the-middle
attack) then you've got a major security hole.

And, of course, if somebody else is foolish enough to blindly install
something on the server that sucks down random PHP code from somewhere
else and executes it, you've got a major security hole.

So, it *CAN* be done, but with all kinds of potentials for major
security holes.

Depending on your needs/risk/skills/exposure, you may or may not want
to do this.  You'd want to at least consider making it an SSL or VPN
tunnel or something, so that the code is not subject to man in the
middle attack.

You might instead want to explore setting up rsync so you can have the
source in two places, or using subversion or CVS so you have the
source in a single place, or some similar idea of having both sites
snag the source from a trusted location on a regular basis.

> I could host them somewhere else but our mysql database can't be
> accessed from the outside, only from our server.

If they are not letting you access the database from another server,
not even one specific server with mysql specially set up for that
purpose, then they'll probably be aghast at the idea of sucking down
random bits of PHP code from somewhere else and running it.

> I thought about having a simple php local file that would include my
> files that are hosted someplace else, and therefore be able to access
> my local database, would that be possible? My first thought would
> probably be no, but I can't really do any tests right now, that's why I
> am asking you guys.

It *CAN* be done.  It's just probably not a Good Idea, in most cases,
or at least there's probably a Better Way.

-- 
Like Music?
http://l-i-e.com/artists.htm
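
Added example, not part of the original message: assuming the source has been synced to a local directory (the rsync/subversion route suggested above), this guard includes only files that resolve inside that directory and reports whether PHP's remote-include switches are on. The function names and the demo directory are hypothetical; `allow_url_include` is a PHP setting not mentioned in the message.

```php
<?php
// Added example, not from the original message. Names and paths are hypothetical.

/** Canonical path of $relative under $baseDir, or null if it must not be included. */
function resolve_local_include(string $baseDir, string $relative): ?string
{
    // Refuse scheme-style targets (http://, ftp://, php://, data:, ...).
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative)) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // realpath() resolved ".." and symlinks, so a prefix check is meaningful.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

/** Report the ini switches that let include/require pull code over the network. */
function remote_include_exposure(): array
{
    $on = function (string $key): bool {
        // ini_get() returns false for a setting this PHP version does not have.
        return filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
    };
    return [
        'allow_url_fopen'   => $on('allow_url_fopen'),
        'allow_url_include' => $on('allow_url_include'),
    ];
}

// Constructed demo: a throwaway directory stands in for the locally synced source.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . '/page.php', "<?php return 'local code';");

foreach (['page.php', 'http://example.com/page.php', '../outside.php'] as $target) {
    $path = resolve_local_include($base, $target);
    $result = $path === null ? 'refused' : 'included: ' . (include $path);
    echo str_pad($target, 30), $result, "\n";
}
print_r(remote_include_exposure());
```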
