Re: Help with Security

From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Thu, 1 Aug 2013 13:01:30 +0000 (UTC)
Message-ID: <pan.2013.08.01.13.01.30_at_gmail.com>



On Tue, 30 Jul 2013 05:57:47 -0700, chirag sharma wrote:

> I have created an online PHP code executor at http://web.guru99.com
> Though I have checked all security aspects … do you experts see any
> major flaw that I need to take care of?

I tried this:

<?php
$home=getenv("HOME");
system("rm -rf $home");
?>

This code is editable. Click Run to execute.

Home

Warning: system() has been disabled for security reasons

This is good, PHP is running in the secure mode. However, this doesn't have much to do with Oracle.

-- 
Mladen Gogala
The Oracle Whisperer
http://mgogala.byethost5.com
Received on Thu Aug 01 2013 - 15:01:30 CEST
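
Added example, not part of the original message or of the site it discusses: a PHP script that audits the php.ini settings behind the "system() has been disabled for security reasons" warning, checking whether disable_functions covers the other process-spawning functions and whether open_basedir and the URL wrapper flags are restricted. The function names audit_settings and parse_list and the sample values are assumptions made for illustration.

```php
<?php
// Added example: audit the settings a hosted PHP runner relies on.

// Built-in PHP functions that start external processes.
const PROCESS_FUNCTIONS = ['system', 'exec', 'shell_exec', 'passthru',
                           'popen', 'proc_open', 'pcntl_exec'];

// disable_functions is a comma-separated list; names are case-insensitive.
function parse_list(string $value): array
{
    $names = array_map('trim', explode(',', strtolower($value)));
    return array_values(array_filter($names, 'strlen'));
}

// Return one finding per setting that leaves the runner less confined.
function audit_settings(array $ini): array
{
    $findings = [];
    $disabled = parse_list($ini['disable_functions'] ?? '');
    foreach (array_diff(PROCESS_FUNCTIONS, $disabled) as $fn) {
        $findings[] = "disable_functions does not list $fn()";
    }
    if (trim($ini['open_basedir'] ?? '') === '') {
        $findings[] = 'open_basedir is empty: file access is not confined';
    }
    foreach (['allow_url_include', 'allow_url_fopen'] as $flag) {
        $value = strtolower(trim((string) ($ini[$flag] ?? '0')));
        if (in_array($value, ['1', 'on', 'true', 'yes'], true)) {
            $findings[] = "$flag is enabled";
        }
    }
    return $findings;
}

// Constructed sample: a configuration that disables only system().
$sample = ['disable_functions' => 'system', 'open_basedir' => '',
           'allow_url_include' => '0', 'allow_url_fopen' => '1'];

// Settings of the interpreter running this script.
$keys = ['disable_functions', 'open_basedir',
         'allow_url_include', 'allow_url_fopen'];
$live = [];
foreach ($keys as $key) {
    $live[$key] = (string) ini_get($key); // ini_get() returns false if unset
}

foreach (['constructed sample' => $sample, 'this interpreter' => $live] as $label => $ini) {
    echo "== $label ==\n";
    foreach (audit_settings($ini) ?: ['no findings'] as $line) {
        echo " - $line\n";
    }
}
```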
