Including remote file security

PythonPython Forum LeaderThe Royal RAM
in Coding Languages
For a script I am creating which will be used on other peoples hosts is it safe for me to remotely include a php file?

For example on devdreams.com there is a file called count.php and inside it it connects to my database and just update a counter. Then in the distributed script this count.php file is included using include()

Are there any security issues with this or are there any ways to stop them from finding out what is within the count.php file...

The Royal Ram

Comments

  • pfgannonpfgannon Moderator Administrator
    You can try something like phpaudit... Don't know if thats exactly what you're looking for though.
    logo.png
    Submit your threads
    Music Forum
    My Web Entrepreneur Blog
    VolumeBoost - Member Chosen Music News
  • ChroderChroder Senior Member The Royal RAM
    It's quite safe
    PHP Manual wrote:
    If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), you can specify the file to be included using a URL (via HTTP or other supported wrapper - see Appendix M for a list of protocols) instead of a local pathname. If the target server interprets the target file as PHP code, variables may be passed to the included file using a URL request string as used with HTTP GET. This is not strictly speaking the same thing as including the file and having it inherit the parent file's variable scope; the script is actually being run on the remote server and the result is then being included into the local script.
    The PHP code isn't being run on your server.

    Unless you're reading a file and eval()'ing it, the only thing you need to watch out for is XSS.
    The New Tech - New
    Webmaster-Talk.com
    Chroder.com
  • PythonPython Forum Leader The Royal RAM
    Ok thanks :)

    The Royal Ram

Sign In or Register to comment.