Re: Securing PHP
- From: Michael Fesser <netizen@xxxxxx>
- Date: Mon, 23 Nov 2009 23:28:49 +0100
..oO(Gordon Burditt)
It becomes a better test when you check HTTP_HOST variable.
This variable belongs to the HTTP request headers and is required to
tell a shared server (means: one IP address, multiple domains) which
domain the requesting user agent wants to access. Still there's not much
of a reason to check for it. If you're on a shared server and the
requesting bot doesn't send a HTTP_HOST header, it won't even be able
Minor nit: it's a Host: header, not a HTTP_HOST: header. All of
the HTTP header variables get HTTP_ prefixed to them when they
appear in $_SERVER[].
Correct. :)
Micha
.
- References:
- Securing PHP
- From: Jim Carlock
- Re: Securing PHP
- From: Gordon Burditt
- Re: Securing PHP
- From: Jim Carlock
- Re: Securing PHP
- From: Michael Fesser
- Re: Securing PHP
- From: Gordon Burditt
- Securing PHP
- Prev by Date: Re: Securing PHP
- Next by Date: Why is shared host php GID and UID the same in my PHP Script?
- Previous by thread: Re: Securing PHP
- Next by thread: Re: Securing PHP
- Index(es):
Relevant Pages
|
