PHITE: Security

Security

PHITE itself does not interpret any arbitrary user input. You should, however, make sure that any code snippets you write sufficiently scrub user input.

As with all PHP scripts, arbitrary variables can be set through GET. This is not a problem with the current script, and variables must be explicitly unpacked in code snippets.

Be aware, however, that PHITE can be made to execute any .inc file that is accessible to PHP. You should make sure that there are no potentially damaging .inc files accessible. It is good practice to drop a blank index.html file in each directory to deter people from getting directory listings.
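
The checks recommended above can be scripted. The following is an added example, not part of PHITE: a POSIX shell audit that lists every .inc file under a site root, flags the world-writable ones, and finds directories with no index file. The function names are hypothetical, and treating index.php as the site's entry script is an assumption.

```shell
#!/bin/sh
# Added example: audit a PHITE web root. Function names are hypothetical.

# Every .inc file under the root is a file PHITE could be made to execute,
# so list them all for review.
list_inc_files() {
    find "$1" -type f -name '*.inc' | sort
}

# .inc files that any local user can modify, and so turn into damaging code.
world_writable_inc() {
    find "$1" -type f -name '*.inc' -perm -002 | sort
}

# Directories with no index file. Assumption: a directory holding index.php
# (taken here to be the site's entry script) needs no blank index.html.
dirs_missing_index() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        if [ ! -e "$dir/index.html" ] && [ ! -e "$dir/index.php" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Create a blank index.html where one is missing; prints each file created
# and never overwrites an existing file.
add_blank_index() {
    dirs_missing_index "$1" | while IFS= read -r dir; do
        : > "$dir/index.html" && printf '%s\n' "$dir/index.html"
    done
}

# Report only when called with a web root: sh audit.sh /path/to/site
if [ "$#" -gt 0 ]; then
    echo "== .inc files to review ==";         list_inc_files "$1"
    echo "== world-writable .inc files ==";    world_writable_inc "$1"
    echo "== directories without an index =="; dirs_missing_index "$1"
fi
```

Run the report first and review the listed .inc files by hand; call `add_blank_index` only once the directory list looks right.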

Box Example

This is the Right box for the Basic Concepts page. It appears because there is a file called RB_001_Box_Example.inc with this text in it, in the directory PT_003_Basic_Concepts.

 
Chris Robson 2002, Tom Brennfleck 2009