2009/1/7 Shawn McKenzie <nospam@xxxxxxxxxxxxx>: > Daniel Kolbo wrote: >> Hello, >> >> suppose there is a file at http://otherhost.com/remote.php that looks >> like this: >> >> <?php >> if (!isset($safe_flag)) >> { >> die("hacking attempt"); >> } >> echo "You are in"; >> ?> >> >> Suppose i executed the following php file at http://myhost.com/local.php >> >> <?php >> require_once("http://otherhost.com/remote.php";); >> ?> >> >> Is there any way to get local.php to display "You are in", by only >> modifying local.php? That is, is there a way to set $safe_flag on the >> remote host as one requests a file from the remote host from within >> local.php? >> >> I have genuine, academic, non-belligerent intentions when asking this >> question. > > local.php > > <?php > > $safe_flag = 1; > require_once("http://otherhost.com/remote.php";); > > ?> If the remote side is returning the code rather than running it then anyone can see exactly what to do to get it to work. There is no security there. OP: Does otherhost.com run the code or return it? -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
