Andy Dowling's Profile

About Me:

Last 10 Comments

1

PHP code itself can be used to mitigate such risks of misconfiguration. This is particularly useful in a shared server environment, or if you have limited control over your configuration. The following line of code can be included at the start of a PHP script:
<?php <? if (0==1) { ?> <META HTTP-EQUIV="Refresh" Content="0; URL=http://domain.com/plain.html"> <? } ?>
If PHP is runnng (and not confusing 0s with 1s, which it is notorious for), this redirect will be safely ignored. Otherwise, the user is shown a plain html page.
Posted in /blog/2007/sep/catching-up-and-keeping-up.

Wed, 05 Sep 2007 at 22:27:46: Link

Stats

Member Since: 14 Aug 2007
Comments: 1

Web Site

andy.dowling.myopenid.com

Blog Posts

Top 5 Blog Posts

Save the Internet with rev="canonical"

10 Apr 2009
62 Comments

My Amazon Anniversary

15 Mar 2007
41 Comments

Allowing HTML and Preventing XSS

14 Mar 2007
66 Comments

addslashes() Versus mysql_real_escape_string()

22 Jan 2006
68 Comments

Google XSS Example

21 Dec 2005
36 Comments

Top 5 Articles

Security Corner: Cross-Site Request Forgeries

13 Dec 2004
74 Comments

The Truth about Sessions

15 Dec 2003
77 Comments

Foiling Cross-Site Attacks

14 Oct 2003
68 Comments

Guru Speak: Storing Sessions in a Database

14 Dec 2004
60 Comments

Guru Speak: How to Avoid "Page Has Expired" Warnings

21 Oct 2004
48 Comments

Work and Books

Analog A web design and development co-operative
Essential PHP Security O'Reilly, 2005
HTTP Developer's Handbook Sams, 2003

Footer