php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20599 DoS PHP/include...
Submitted: 2002-11-23 13:34 UTC Modified: 2002-11-23 14:35 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: sc2 at gmx dot at Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 4.2.3 OS: suse
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sc2 at gmx dot at
New email:
PHP Version: OS:

 

 [2002-11-23 13:34 UTC] sc2 at gmx dot at
hello 
i just wanna know if it is in any future version of php any variant to stop DoS / with Includes
see
http://geodsoft.com/opinion/PHP-DoSattacks.htm

so that users can make endless lopp with includes

yes i know i can disable the include dir./require..but is there any other that i can make (or php team) so that DoS is not so easy..

thx

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-23 13:36 UTC] derick@php.net
no, we're not going to disallow include/require.

Derick
 [2002-11-23 13:36 UTC] sniper@php.net
This has been told many times before..you really should have searched the bug database first. 

If you didn't know, you can do the same thing in quite many
ways, not only with include()..

 [2002-11-23 13:51 UTC] sc2 at gmx dot at
ok thanks and sorry for your time

but where is responsible for this?...may a contact apache ..? for hosters it would be easy when apache or php checks if in XX-Times the same include is open....auto detect...(yes other ways works too but oftens includes are used (with false scripts etc))
 [2002-11-23 13:53 UTC] derick@php.net
It's really not for PHP to solve all problems of the world.


 [2002-11-23 14:00 UTC] sc2 at gmx dot at
yes thats not but it is a "php" releated problem..
i know it is free etc...
but if anyone of the PHP has the time / ressource...
/ knowledge... it doesnt hurt for php team..if they made a feature for the admins of php..

it is the time,money or just a "presdige"?
be cool, dont be so "aggressiv" in your answers
 [2002-11-23 14:04 UTC] derick@php.net
Official statement:
We don't have any interest in fixing this problem as it would make PHP unnecessary slow; things like this were discussed before on numerous times, I'm sure you can find them in our bug database.

And my answer has nothing to do with prestige, it's more common sense. And if you think this was an aggresive answer you're wrong, I can be much worse :)

Derick
 [2002-11-23 14:06 UTC] sc2 at gmx dot at
ok thx , if you mean this is the right way...
 [2002-11-23 14:07 UTC] sc2 at gmx dot at
ps: you can solve it, thx
 [2002-11-23 14:35 UTC] zimt@php.net
hey,
maybe you dont understand:

This is no Error in PHP.

you can do endless loops in nearly every Programming language - thats not a bug of this language, its responsibility of the Users (the Coders who use this Language).

If you would have read and understand the article you quoted (ok, you posted the URL), you would have seen it isnt a Bug.

If you do not want Users producing endless Loops on your machine, simply dont give them access.

As i see youre from austria, so if your english is not good enough, feel free to contact me, i can explain it in German to you
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Jul 06 17:05:44 2022 UTC