passing on variables - security and directory listings 
Author Message
 passing on variables - security and directory listings

Hi,
I'm trying to create one dynamic directory listings page using php.
The problem I'm having is telling the page the directory I want read.
The only way I can think is to specify in the url :
http://localhost/list.php?dir=/dir/
However, this is potential a security risk that I don't want to take.
Can anyone help me with this security risk?  The only way I can think
of is something on the server's level to do with permissions on
folders, but that's something I'd rather not do.
Thanks in advance,
Andrew


Wed, 28 Sep 2005 02:48:51 GMT  
 passing on variables - security and directory listings

Quote:

> Hi,
> I'm trying to create one dynamic directory listings page using php.
> The problem I'm having is telling the page the directory I want read.
> The only way I can think is to specify in the url :
> http://localhost/list.php?dir=/dir/
> However, this is potential a security risk that I don't want to take.
> Can anyone help me with this security risk?  The only way I can think
> of is something on the server's level to do with permissions on
> folders, but that's something I'd rather not do.

If you can post to this page from another, you can use the form object
and not have to pass a query string.  I'm guessing you're building the
link from somewhere else, right?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~   /   \  /             Live from Montgomery, AL!   ~
~  /     \/       o                                  ~
~ /      /\   -   |       AIM:  LXi0007              ~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Wed, 28 Sep 2005 10:46:37 GMT  
 
 [ 2 post ] 

 Relevant Pages 

1. Passing the current directory path to a variable - awk on a PC

2. Selecting a file listing (directory) by date

3. Directory Listing

4. Directory listing

5. ClarionMag third party product directory enhanced listings

6. LISTING DIRECTORIES IN BROWSE

7. Directory Listing in Clarion

8. listing a partitioned dataset directory

9. Directory Listing

10. Directory listings and path names

11. search files / directory listing

12. directory listings

 

 
Powered by phpBB® Forum Software