Quote:
Originally posted by hibbidiji
hehe now lets be precise so long as we're teaching juicy the ropes on php. you CAN include remote php code, but you have to treat it well  you can pop the code as plaintext (non parsed) on one machine (SO insecure it hurts) and include it on another box and EVAL it which works fine... base64encoding and gzipping then removing the code bits helps to secure it a bit if you dont mind a 12 year old figuring it out.
but fair's fair, mod is right (and I'm sure he knew all this) you cant just include php code from remote servers as it will be parsed by apache (or whatever) before it gets to you.
dont even get me started on SOAP ;)
D
|
Yeah. Although, technically, it'd be parsed by PHP before it gets to you. Apache passes it to the PHP parser, which returns the modified code back to Apache to server. ;)
And yes, you _could_ include remote PHP code, using the methods you mentioned. Another would be to use PHP's sockets support to open an https connection to the server with the code, and send a password via POST to retrieve the content. The server could keep an active list of allowed domains/scripts that it will serve, and if you're not on the list, OR you're on it and supply an invalid pass, just spit out an error instead.