[FX.php List] Why doesn't this parse?
Chris Hansen
chris at iViking.org
Wed May 21 08:24:59 MDT 2008
I don't know about Erik, but I was referring to the practice of
allowing users free rein to determine what your page outputs using
the eval() function, and it has nothing to do with heredoc specifically.
(For example, a user could experiment with variables and perhaps come
up with the ones containing FileMaker security credentials...) Erik's
method is safer since it doesn't simply allow a user to output ANY
variable that may be available on the page. Erik, correct me if I'm
wrong here.
--Chris
On May 20, 2008, at 5:54 PM, Jonathan Schwartz wrote:
> I defer to Chris and Erik.
>
> Jonathan
>
> At 1:18 AM +0200 5/21/08, Gjermund Gusland Thorsen wrote:
>> What is the security risk in heredoc?
>>
>> ggt
>>
>
> --
> Jonathan Schwartz
> Exit 445 Group
> jonathan at exit445.com
> http://www.exit445.com
> 415-381-1852
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
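
The risk described in the message above, shown as an added example that is not code from this thread and is not claimed to be Erik's method: a user-editable template passed through eval() can interpolate any variable in scope, while an allow-list substitution can only emit the fields the page author names. The variable names, the `{{field}}` placeholder syntax and both function names are assumptions made for illustration, and the credential values are constructed placeholders.

```php
<?php
// Constructed page state: placeholders standing in for real FileMaker credentials.
$fmUser = 'web_account';
$fmPass = 'PLACEHOLDER-PASSWORD';
$record = ['first_name' => 'Ada', 'city' => 'Oslo'];

// Risky pattern: the user-supplied template is evaluated as a heredoc, so every
// variable visible at this point ($fmUser, $fmPass, ...) can end up in the output.
function renderWithEval(string $template, array $record, string $fmUser, string $fmPass): string
{
    $out = '';
    eval("\$out = <<<TPL\n" . $template . "\nTPL;\n");
    return $out;
}

// Safer pattern (hypothetical helper): the template is treated as data. Only
// {{name}} placeholders are recognised, and only names on the allow-list are
// filled in from the record. Nothing is ever executed.
function renderWithAllowList(string $template, array $record, array $allowed): string
{
    $result = preg_replace_callback(
        '/\{\{(\w+)\}\}/',
        function (array $m) use ($record, $allowed): string {
            $field = $m[1];
            if (!in_array($field, $allowed, true) || !array_key_exists($field, $record)) {
                return ''; // unknown or disallowed placeholder: emit nothing
            }
            // Escape on output so field contents cannot inject markup.
            return htmlspecialchars((string) $record[$field], ENT_QUOTES, 'UTF-8');
        },
        $template
    );
    return (string) $result;
}

// A template a user might submit while "experimenting with variables".
$userTemplate = 'Hello $record[first_name], account: $fmUser / $fmPass';
echo renderWithEval($userTemplate, $record, $fmUser, $fmPass), "\n";

// The same attempt against the allow-list renderer: {{fmPass}} is not an
// allowed field, so it is dropped instead of being resolved to a variable.
$safeTemplate = 'Hello {{first_name}} from {{city}}, account: {{fmPass}}';
echo renderWithAllowList($safeTemplate, $record, ['first_name', 'city']), "\n";
```
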