[FX.php List] Why doesn't this parse?

Chris Hansen chris at iViking.org
Wed May 21 08:24:59 MDT 2008


I don't know about Erik, but I was referring to the practice of
allowing users free rein to determine what your page outputs using
the eval() function, and has nothing to do with heredoc specifically.
(For example, a user could experiment with variables and perhaps come
up with the ones containing FileMaker security credentials...)  Erik's
method is safer since it doesn't simply allow a user to output ANY
variable that may be available on the page.  Erik, correct me if I'm
wrong here.

--Chris

On May 20, 2008, at 5:54 PM, Jonathan Schwartz wrote:
> I defer to Chris and Erik.
>
> Jonathan
>
> At 1:18 AM +0200 5/21/08, Gjermund Gusland Thorsen wrote:
>> What is the security risk in heredoc?
>>
>> ggt
>>
>
> -- 
> Jonathan Schwartz
> Exit 445 Group
> jonathan at exit445.com
> http://www.exit445.com
> 415-381-1852
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
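
The risk described in this message, as an added example that is not part of the original thread and is not Erik's code (his method is not shown on this page): a user-editable template passed through eval() can interpolate any variable in scope, while a placeholder renderer with an allowlist can only emit the fields it was given. All names and values below (`$fmUser`, `$fmPass`, `renderWithEval`, `renderWithAllowlist`, the `{{name}}` syntax) are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample data; none of these names come from the thread.
$fmUser = 'webuser';             // stands in for a FileMaker account name
$fmPass = 'constructed-secret';  // stands in for its password
$record = ['first_name' => 'Ada', 'city' => 'Oslo'];

// Risky pattern: the user's text is evaluated as a PHP double-quoted string,
// so every variable visible at that point can be interpolated into the output.
function renderWithEval(string $userTemplate, array $record, string $fmUser, string $fmPass): string
{
    $out = '';
    eval('$out = "' . $userTemplate . '";');
    return $out;
}

// Safer pattern: no evaluation. Only {{name}} placeholders are recognised, and
// a name is substituted only if it is allowlisted and present in the record.
function renderWithAllowlist(string $userTemplate, array $record, array $allowed): string
{
    return (string) preg_replace_callback(
        '/\{\{(\w+)\}\}/',
        function (array $m) use ($record, $allowed): string {
            $name = $m[1];
            if (!in_array($name, $allowed, true) || !array_key_exists($name, $record)) {
                return '';  // unknown or non-allowlisted names render as nothing
            }
            return htmlspecialchars((string) $record[$name], ENT_QUOTES, 'UTF-8');
        },
        $userTemplate
    );
}

// A template author guessing at variable names (single quotes keep PHP from
// interpolating here; the text reaches the renderers unchanged).
$guessing = 'Dear $record[first_name], login is $fmUser / $fmPass';
echo renderWithEval($guessing, $record, $fmUser, $fmPass), "\n";
// The credentials appear in the page output.

$template = 'Dear {{first_name}} from {{city}}. {{fmPass}} $fmPass';
echo renderWithAllowlist($template, $record, ['first_name', 'city']), "\n";
// {{fmPass}} renders as nothing and $fmPass stays literal text.
```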


