Re: Should I check input for bad chars in this case?


Simon Schick <simonsimcity@xxxxxxxxxxxxxx> wrote on 27 April 2012 at 00:47:

> On Thu, Apr 26, 2012 at 3:59 PM, mirrys.net <mirrys.net@xxxxxxxxx> wrote:
> > Thank you for your help Marco & Simon. No doubt, your code is much
> > cleaner and better.
> >
> > One more question, without any filter or something could be my
> > original code somehow compromised (mean some security bug)? Or rather
> > was a major problem in the possibility of a script crash?
> >
>
> Hi, Mirrys
>
> I personally cannot see a security hole at first view ...
> Stuff in the global server variable should only be set by the
> web server and therefore it should be kind of safe (depending on the
> quality of the configuration of the web server ;))

No, that is not correct. The Forwarded IP, for example, is generated by the
requesting proxy server and can therefore be manipulated.

But as long as your code simply writes this data into some text file which is
never read inside your application or executed on your shell, there should
be no security reason.

>
> That was also the main reason why I would do a validation-check for this.
> Talking about a script-crash ... I don't know ... I just found this
> line in a comment for the function gethostbyaddress()
>
> > If you use gethostbyaddr() with a bad IP address then it will send an
> > error message to the error log.
>
> Bye
> Simon
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: marco@xxxxxxxxxx

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal

http://www.behnke.biz

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
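The following is an added example that is not code from Marco, Simon or the original poster. It shows the distinction Marco draws: REMOTE_ADDR is filled in by the web server from the TCP connection, whereas every HTTP_* entry in $_SERVER is just a request header copied in, so X-Forwarded-For is whatever the sender (or the last proxy) put there. The $trustedProxies list and the request arrays are assumptions constructed for the example; validating with filter_var() before any reverse lookup avoids the gethostbyaddr() warning Simon quoted.

```php
<?php
// Added example, not part of the thread. Decide which address to log and
// validate it before it reaches gethostbyaddr() or a log file.

/**
 * Return the client IP to record. X-Forwarded-For is trusted only when the
 * direct peer (REMOTE_ADDR) is one of our own reverse proxies; otherwise a
 * client can send the header itself and claim any address it likes.
 *
 * @param array    $server         the $_SERVER array (or a constructed copy)
 * @param string[] $trustedProxies addresses of our reverse proxies (assumed config)
 */
function client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $xff    = $server['HTTP_X_FORWARDED_FOR'] ?? '';

    if ($xff !== '' && in_array($remote, $trustedProxies, true)) {
        // Header format is "client, proxy1, proxy2": each proxy appends the
        // peer it saw, so entries on the right were written by proxies we
        // control and the left-most entry is whatever the sender claimed.
        $hops = array_map('trim', explode(',', $xff));
        // Walk from the right past our own proxies; the first foreign address
        // is the one our proxy actually received the connection from.
        for ($i = count($hops) - 1; $i >= 0; $i--) {
            if (!in_array($hops[$i], $trustedProxies, true)) {
                $remote = $hops[$i];
                break;
            }
        }
    }

    // Accept only a syntactically valid IPv4/IPv6 address. Passing anything
    // else to gethostbyaddr() makes PHP emit a warning and return false, and
    // an unvalidated header value would end up verbatim in the log file.
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // sentinel for "no usable address" (assumed convention)
    }
    return $remote;
}

// Constructed request data (not real captures). Our reverse proxy is
// assumed to live at 198.51.100.2.
$trusted = ['198.51.100.2'];

// 1. Direct client forging X-Forwarded-For: the header must be ignored.
$direct = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '10.0.0.1',
];
if (client_ip($direct, $trusted) !== '203.0.113.7') {
    throw new RuntimeException('forged header was trusted');
}

// 2. Same forged header, but the request came through our proxy, which
//    appended the real peer: the forged left-most entry is skipped.
$viaProxy = [
    'REMOTE_ADDR'          => '198.51.100.2',
    'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 203.0.113.7',
];
if (client_ip($viaProxy, $trusted) !== '203.0.113.7') {
    throw new RuntimeException('proxy chain resolved incorrectly');
}

// 3. Garbage in the header via our proxy: rejected instead of logged or
//    handed to gethostbyaddr().
$garbage = [
    'REMOTE_ADDR'          => '198.51.100.2',
    'HTTP_X_FORWARDED_FOR' => 'not an address',
];
if (client_ip($garbage, $trusted) !== '0.0.0.0') {
    throw new RuntimeException('invalid address was accepted');
}

// Only after validation is a reverse lookup safe from the warning Simon
// quoted. (Network call; gethostbyaddr() returns the unmodified address
// when no PTR record exists.)
$ip   = client_ip($viaProxy, $trusted);
$host = gethostbyaddr($ip);
file_put_contents('php://stdout', "$ip $host\n");
```

Marco's caveat still applies: even a validated address that is only appended to a text file nobody reads is harmless, but the moment that file is parsed, displayed in a browser, or fed to a shell, the unvalidated header value becomes input to that consumer, which is why the check belongs at the point where the value is first taken from $_SERVER.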


