protecting against cracking into filesystem

#21
01-14-2008
Baho Utot
Re: protecting against cracking into filesystem

The Natural Philosopher wrote:

[putolin]

>>> I would if it is cost effective.
>>
>> The last major power outage here was over 5 days.
>
> never more than 3.
>
>> And even if your UPS handles the power - what about your communications
>> link?
>
> powered independently of the mains power.


If the power outage is longer than my UPS will provide I just get on my
bicycle-generator and pedal away till the power is restored.

I am kept in good shape that way and have lost several pounds that way :)

Could the folks at Rackspace do the same?

--
Dancin in the ruins tonight
Tayo'y Mga Pinoy

#22
01-15-2008
firewoodtim@yahoo.com
Re: protecting against cracking into filesystem

The responses to my original message have been mostly out of standard
textbook advice (I have 5 of them). Thanks for trying, but it still
leaves my original question unanswered. Here is the situation:

I have a set of scripts that include several forms in which users
submit information that eventually winds up on a website. One of
those forms includes a WYSIWYG textarea editor, TinyMCE. However,
there are plenty of input (single line) elements that present similar,
if smaller, opportunities to inject malicious code. Add to that the
problem of tampered GET and POST data and you have the usual CMS-like
environment in which so many bad guys get their jollies.

I know all the rules about filtering input and escaping output, but I
want to focus especially on blocking attacks that could wind up giving
an intruder control of my site's command line or otherwise executing
malicious code in my filesystem's environment. Is it possible to
actually penetrate PHP code and wind up with a blinking cursor on a
command line, logged in as the user/owner of the site? If so, do you
do that through SQL injection, command injection via a system
command, XSS ...?

The WYSIWYG editor presents a special problem, because filtering data
from it is so complicated, but if it does not actually give access to
the command line, I think I can figure out a way to live with
unfiltered input by other means. I just can't live with giving
someone the opportunity to rummage around in my filesystem.

Any comments?