Wednesday 19 December 2018

How should I, or should I, use PHP functions considered "dangerous"?




Several days ago I attended a seminar where they were talking about "dangerous" PHP functions. They did not say, however, whether we should use them. They named eval(), preg_match(), exec() and a lot more.



Though I don't use them, or don't use them often, sometimes I have to. Is it considered bad practice to use those functions, even if I know that no user can reach the place where I use them?



Edit:
For the preg_match() questions, check out this:
preg_match() security hole


Answer



All of those methods basically allow injected code to be run on your system if you don't protect against it. There's a chance of you shooting yourself in the foot if you do use them without knowing what the dangers are. If you're fully aware of what you're doing, and you have no alternative but to use this method, then there isn't much else you can do in any case.




This question has a pretty comprehensive list of exploitable functions in PHP:



Exploitable PHP functions
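As an added example (not part of the question or answer above), here is the contrast the answer describes, written in PHP: an exec-family call fed raw input beside a hardened version that uses an allow-list, path confinement and escapeshellarg(), plus a match-based replacement for the typical eval() use. The file names and operator strings are constructed sample values, and the `file` command is assumed to be on PATH.

```php
<?php
// Added example, not code from the original question or answer.

// UNSAFE: caller-controlled text is spliced into a shell command line, so
// shell metacharacters in $name are interpreted by the shell, not treated
// as part of a file name. Shown for contrast only; it is never called below.
function describe_file_unsafe(string $name): string
{
    return (string) shell_exec("file " . $name);
}

// HARDENED: the name must match a strict allow-list, must resolve to a
// real file inside $baseDir, and is quoted with escapeshellarg() before use.
function describe_file_safe(string $name, string $baseDir): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $name)) {
        return null;                       // outside the allow-list: reject
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                       // missing file or escaped $baseDir
    }
    // "--" ends option parsing; escapeshellarg() makes $path a single token.
    return trim((string) shell_exec('file -b -- ' . escapeshellarg($path)));
}

// eval() replacement: map an untrusted operator string onto a fixed set of
// operations instead of assembling PHP source from it. Unknown input yields
// null rather than executing anything.
function apply_op(string $op, float $a, float $b): ?float
{
    return match ($op) {
        'add' => $a + $b,
        'mul' => $a * $b,
        default => null,
    };
}

// Demonstration with constructed input.
$hostile = 'photo.jpg; echo injected';                  // constructed value
var_dump(describe_file_safe($hostile, sys_get_temp_dir())); // NULL: rejected

$tmp = tempnam(sys_get_temp_dir(), 'demo');             // real empty file
var_dump(describe_file_safe(basename($tmp), sys_get_temp_dir())); // e.g. "empty"
unlink($tmp);

var_dump(apply_op('add', 2, 3));                        // float(5)
var_dump(apply_op('system', 2, 3));                     // NULL: unknown op
```

Requires PHP 8.0 or later for the match expression; on a system without the `file` utility the hardened function returns an empty string rather than an error.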

