On Thu, November 30, 2006 12:29 pm, Edwin Barrios wrote:
> This is not triue because a shell vars declered on a shell is only
> exposed
> to its subshells, that means that only exec's and system functions
> calls
> into the php itself resive those vars declared into the php !
>
> You can see this argument in the following code
>
> <?php
> error_reporting(E_ALL);
>
>
> echo "OLD <pre>";
> system("env");
> echo "</pre>";
>
> putenv("DBNAME=sidf");
> putenv("DBUSER=p");
> putenv("DBPASSWD=p");
>
> echo "NEW <pre>";
> system("env");
> echo "</pre>";
>
> ?>
>
> and reloading these a couple of times.
My point was that somebody who was doing:
system("env");
in a different part of the script, to debug something else, will
expose the password, probably without even realizing it.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
