Improve this question. Bakuriu 4 4 silver badges 9 9 bronze badges. Tom Tom 1 1 gold badge 7 7 silver badges 14 14 bronze badges. Comments are not for extended discussion; this conversation has been moved to chat.
Add a comment. Active Oldest Votes. Try sending a HEAD request. Improve this answer. But i tried it, not able to exploit. May be i am missing something. Using PHP 5. I misread parts of this answer.
Up voted. Tom Just curious of the PHP version exploited there? Sravan It's 5. Bacon Brad Bacon Brad 3, 18 18 silver badges 26 26 bronze badges. Always assume that a user has no rights until and unless they prove otherwise by correctly authenticating as a privileged user. The Bill of Rights does not apply to software access control. Younis Bensalah Younis Bensalah 1 1 silver badge 5 5 bronze badges.
Hmm, I can't get this to work. The whole thing is still a pretty good argument against ever using PHP for anything ever at all, though. Wait what? In php three equals four? AdamMartin No, 0 times 10 to the power of 3 equals 0 times 10 to the power of 4.
Improve this answer. Most filesystem functions apply to streams, including HTTP. Keep in mind that this will transfer the whole content of the remote file to your server. May be feasible, may be not. I tried this, but it's not the md5 of the actual file, it's the md5 of the actual output. If you are talking about a server-side script such as a. That would be a security disaster if you could! You would have to use the appropriate connection you use to access the source on the server, eg.
Well depends what you mean. There are two ways: You connect to the remote server and calculate the hash there like ssh to the server. Get download the file and compute the hash.
Obviously to calculate the hash of a file you have to read the contents of the file. If you don't need to store the hash value for later use, there may not be a need to calculate the hash value just to compare files.
In response to using exec instead for performance Nov 13 post , It looks like the performance depends on the size of the file. See the results below using the same script from the original post. That would be a security disaster if you could! You would have to use the appropriate connection you use to access the source on the server, eg.
Well depends what you mean. There are two ways: You connect to the remote server and calculate the hash there like ssh to the server.
Get download the file and compute the hash. Obviously to calculate the hash of a file you have to read the contents of the file. Felix Kling Felix Kling k gold badges silver badges bronze badges.
I'm not very good with ssh. Is there an example you could provide for example 1? Sign up or log in Sign up using Google.
Sign up using Facebook. Sign up using Email and Password.
0コメント