Ave, I understand what you're saying, and logically I guess I need to validate $F and verify if it contains a concoction of what I want to be publicly accessible, and nothing else.

Are there any other suggestions you can provide in helping secure this flaw?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: sleepwalker@xxxxxxxxxxxxxxxx

"I morti non sono piu soli ... The dead are no longer lonely"

On 4/1/07 1:59 AM, "Richard Lynch" <ceo@xxxxxxxxx> wrote:

> The problem is that with "readfile($F)" you've just made ALL the files
> that PHP can read *also* publicly accessible.
>
> This includes all your PHP source code, /etc/passwd, and all around
> *WAY* too much stuff all over your server.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
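One way to do the validation of $F discussed above, as an added example that is not part of the original thread: resolve the requested name to its canonical path and serve it only if it stays inside a single public directory and has an allowed extension. The function name `resolve_public_file`, the directory layout and the extension list are assumptions made for illustration.

```php
<?php
// Added example: the helper name, directory layout and extension list are hypothetical.

function resolve_public_file(string $baseDir, string $requested, array $allowedExt): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false for a missing file.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The canonical path must still sit under the base directory. The trailing
    // separator stops a sibling such as "public_old" from matching "public".
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $real : null;
}

// Constructed sample tree in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'readfile_demo_' . getmypid();
mkdir($root . '/public', 0700, true);
file_put_contents($root . '/public/report.pdf', 'public data');
file_put_contents($root . '/secret.php', '<?php // source code');

$allowed = ['pdf', 'txt', 'jpg'];
foreach (['report.pdf', '../secret.php', '/etc/passwd', 'missing.pdf'] as $F) {
    $path = resolve_public_file($root . '/public', $F, $allowed);
    // A real script would call readfile($path) only when $path is not null.
    printf("%-16s => %s\n", $F, $path === null ? 'rejected' : 'served');
}

// Remove the constructed sample tree.
unlink($root . '/public/report.pdf');
unlink($root . '/secret.php');
rmdir($root . '/public');
rmdir($root);
```

The check runs on the canonical path returned by realpath(), not on the raw string, so encoded or nested "../" sequences and symlinks pointing outside the directory are rejected as well.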