Free articles for websites, ezines, blogs and newsletters

How To Correctly Include A Remote File Securely With PHP 5



By: Chris Channing
Submitted 2009-01-29 15:53:31

PHP 4 is becoming less common across the Internet as sites switch to newer versions such as PHP 5. Many changes have been made under the hood, so to speak, and webmasters in particular will notice that they need a new syntax in order to include remote files in a webpage.

XSS attacks, or what are called cross-site scripting attacks, are attacks in which a hacker injects code from a remote website. This attack is prevalent on PHP 4 platforms, but not so much on PHP 5 platforms due to a change in how configurations are built by default. PHP 4 allows limitless control of absolute file paths, whereas PHP 5 has cracked down on absolute paths and instead requires other methods of achieving file inclusion.

One popular way servers are exploited with XSS attacks is by using them as a proxy server through which to carry out illegal activity. If the hacker is careful, he or she won't be caught and will be able to send out spam mail, or even conduct attacks against other websites and servers. Because the attack seems to come from the webmaster's server, the hacker may never be caught, and the webmaster may be left personally liable.

XSS attacks function mostly because "allow_url_fopen" is set to on, which is the default setting in PHP 4. In PHP 5, however, the default setting is off. As a result, webmasters will not be able to include absolute paths without a little extra work. Instead, developers are urged to make use of relative file paths when including files.

There is still a way to use the include function with an absolute file path: a server variable that holds the root path of the website on the server. With it, webmasters can build absolute file paths to files that reside on their own server. The variable in question is referred to as "$_SERVER['DOCUMENT_ROOT']", but keep in mind that not all hosts allow this variable to operate. If yours does not, other workarounds may be necessary, such as using the "file_get_contents" function, which is much like the include function.
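One way to apply the document-root approach described above, as an added example that is not part of the original article: it builds an absolute path under the document root, refuses URLs and stream wrappers, and checks that the resolved file still sits inside the root before including it. The function name resolve_local_include(), the partials/ layout and the sample requests are hypothetical, and a temporary directory stands in for $_SERVER['DOCUMENT_ROOT'] so the script runs on its own.

```php
<?php
// Added example, not from the original article. resolve_local_include() and
// the partials/ layout are hypothetical names chosen for illustration.

/**
 * Turn a site-relative name into an absolute path under the document root.
 * Returns false for URLs/stream wrappers, missing files, or paths that
 * resolve outside the root.
 */
function resolve_local_include($docRoot, $relative)
{
    // Refuse anything with a scheme prefix (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)) {
        return false;
    }
    $root = realpath($docRoot);
    if ($root === false) {
        return false;
    }
    // realpath() collapses ../ and symlinks; it returns false for missing files.
    $path = realpath($root . DIRECTORY_SEPARATOR . ltrim($relative, '/\\'));
    if ($path === false || !is_file($path)) {
        return false;
    }
    // The resolved file must still live under the document root.
    if (strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $path;
}

// Constructed demo: a throwaway directory stands in for $_SERVER['DOCUMENT_ROOT'].
$docRoot = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docroot_' . uniqid();
mkdir($docRoot . DIRECTORY_SEPARATOR . 'partials', 0700, true);
file_put_contents($docRoot . '/partials/header.php', "<?php echo \"header ok\\n\";");

$requests = array(
    'partials/header.php',                // local file under the root: included
    'http://example.invalid/remote.txt',  // remote URL: refused
    '../../etc/passwd',                   // resolves outside the root: refused
);
foreach ($requests as $name) {
    $path = resolve_local_include($docRoot, $name);
    if ($path === false) {
        echo "refused: $name\n";
    } else {
        include $path;
    }
}
```

In a real page, pass $_SERVER['DOCUMENT_ROOT'] as the first argument, and prefer a fixed list of allowed names whenever the value being included comes from user input.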

For webmasters who don't like change, the urge to turn the setting back on is probably hard to resist. But webmasters are urged to keep this setting off to avoid the most common XSS attacks, as encouraged by the PHP community, which thought it was a serious enough problem to change the default behavior. Instead, learn to use the new syntax or workaround and keep your server secure, your users happy, and your troubles minimal.

In Conclusion

PHP 5 has brought us many new security features, and the default setting of disallowing absolute paths in include functions is an example of where the industry is going. For more information on the syntax, how to use it, and web development in general, readers should consult the PHP manual or obtain a PHP 5 book from a local bookstore.

Author Resource: Learn more on php include help and allow url fopen.

Article From: Article Asylum



