Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Securing PHP

Status
Not open for further replies.
new2this2002

new2this2002

Programmer
Jun 22, 2002
67
GB
Is there a way in which i can prevent php from processing files other than file with .php extension. The reason I ask is I am able to place php code within an image file (disguise it) and php executes the image file as if it were a php script...is there anyway to prevent this?

i am using PHP 4.4.0 and the Jana Web Server

...any help is greatly appreciated :))
 
Sort by date Sort by votes
what is the correct way to call this file? through another script? this will help me in devicing some sort of method...

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
just using the php.exe ... so if i do 'php.exe fred.gif' .. if there is php code in the gif (basically a php file renamed as gif), it gets executed. I only became aware of this after someone hacked one of my servers
 
Upvote 0 Downvote
so u want a file on the server that is NOT accessible at ALL by any browsers???

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cdlvj
  • Question
PHP Debugging
Replies
1
Views
271
cdlvj
cdlvj
W
  • Locked
  • Question
how to send checked row data in php
Replies
0
Views
124
wiltang2004
W
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
453
SashaBuilder3
SashaBuilder3
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
372
PeDa
PeDa
Mandy_crw
  • Locked
  • Question
How to send sms in PHP using usb gsm modem?
Replies
1
Views
398
vishvajit
vishvajit

Part and Inventory Search

Sponsor

Back
Top