[nycphp-talk] allow_url_fopen
Chris Shiflett
shiflett at php.net
Sat Aug 21 00:13:35 EDT 2004
--- George Schlossnagle <george at omniti.com> wrote:
> allow_url_fopen is a pretty big security issue - it really heightens
> your exposure to cross-site scripting attacks.
I agree with the first point, but I don't follow the second one. Are you
considering the accidental inclusion of foreign source code to be a
cross-site scripting attack, or is there something I'm missing?
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
More information about the talk
mailing list