usamember usamember - 1 year ago 111
PHP Question

PHP allow URL include

I want to ask something regarding

allow_url_include
- ...

If a server have got
allow_url_include
enabled in the PHP configuration ... Can the server owner easily create a PHP script and do something like:

include("http://example.com/configuration.php");
echo $mysql['username'];


So he can get the value of the MySQL username?

If that was possible, can I disallow that on my script to prevent hackers?

Thank you!

Answer Source

No, he will get the same thing as you have in your web browser. That would be a huge security issue.

Note that if your webserver is misconfigured, it can happen.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download