php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #20599 DoS PHP/include...
Submitted: 2002-11-23 13:34 UTC Modified: 2002-11-23 14:35 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: sc2 at gmx dot at Assigned:
Status: Wont fix Package: Scripting Engine problem
PHP Version: 4.2.3 OS: suse
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
34 - 23 = ?
Subscribe to this entry?

 
 [2002-11-23 13:34 UTC] sc2 at gmx dot at 
hello 
i just wanna know if it is in any future version of php any variant to stop DoS / with Includes
see
http://geodsoft.com/opinion/PHP-DoSattacks.htm

so that users can make endless lopp with includes

yes i know i can disable the include dir./require..but is there any other that i can make (or php team) so that DoS is not so easy..

thx

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-23 13:36 UTC] derick@php.net 
no, we're not going to disallow include/require.

Derick
 [2002-11-23 13:36 UTC] sniper@php.net 
This has been told many times before..you really should have searched the bug database first. 

If you didn't know, you can do the same thing in quite many
ways, not only with include()..
 [2002-11-23 13:51 UTC] sc2 at gmx dot at 
ok thanks and sorry for your time

but where is responsible for this?...may a contact apache ..? for hosters it would be easy when apache or php checks if in XX-Times the same include is open....auto detect...(yes other ways works too but oftens includes are used (with false scripts etc))
 [2002-11-23 13:53 UTC] derick@php.net 
It's really not for PHP to solve all problems of the world.
 [2002-11-23 14:00 UTC] sc2 at gmx dot at 
yes thats not but it is a "php" releated problem..
i know it is free etc...
but if anyone of the PHP has the time / ressource...
/ knowledge... it doesnt hurt for php team..if they made a feature for the admins of php..

it is the time,money or just a "presdige"?
be cool, dont be so "aggressiv" in your answers
 [2002-11-23 14:04 UTC] derick@php.net 
Official statement:
We don't have any interest in fixing this problem as it would make PHP unnecessary slow; things like this were discussed before on numerous times, I'm sure you can find them in our bug database.

And my answer has nothing to do with prestige, it's more common sense. And if you think this was an aggresive answer you're wrong, I can be much worse :)

Derick
 [2002-11-23 14:06 UTC] sc2 at gmx dot at 
ok thx , if you mean this is the right way...
 [2002-11-23 14:07 UTC] sc2 at gmx dot at 
ps: you can solve it, thx
 [2002-11-23 14:35 UTC] zimt@php.net 
hey,
maybe you dont understand:

This is no Error in PHP.

you can do endless loops in nearly every Programming language - thats not a bug of this language, its responsibility of the Users (the Coders who use this Language).

If you would have read and understand the article you quoted (ok, you posted the URL), you would have seen it isnt a Bug.

If you do not want Users producing endless Loops on your machine, simply dont give them access.

As i see youre from austria, so if your english is not good enough, feel free to contact me, i can explain it in German to you
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 22:01:29 2024 UTC