Good and Honest Host of the month, August 2008,
WSServers.com
Thank you for visiting this site. If you are looking for web hosting
services, you have come to the right place. Please search my database of
over 2400
hosting companies.
If you need any help, please email me at terence @ hostpulse.com . I
will personally try to reply your email within a day and give you some basic
guidelines, negotiate with a few hosts to offer you good pricing or
answer any hosting related problems that you may have.
Using PHP as a CGI binary is an option for
setups that for some reason do not wish to integrate PHP as a
module into server software (like Apache), or will use PHP with
different kinds of CGI wrappers to create safe chroot and setuid
environments for scripts. This setup usually involves installing
executable PHP binary to the web server cgi-bin directory. CERT
advisory CA-96.11 recommends
against placing any interpreters into cgi-bin. Even if the PHP
binary can be used as a standalone interpreter, PHP is designed
to prevent the attacks this setup makes possible:
Accessing system files: http://my.host/cgi-bin/php?/etc/passwd
The query information in a URL after the question mark (?) is
passed as command line arguments to the interpreter by the CGI
interface. Usually interpreters open and execute the file
specified as the first argument on the command line.
When invoked as a CGI binary, PHP refuses to interpret the
command line arguments.
Accessing any web document on server: http://my.host/cgi-bin/php/secret/doc.html
The path information part of the URL after the PHP binary name,
/secret/doc.html is
conventionally used to specify the name of the file to be
opened and interpreted by the CGI program.
Usually some web server configuration directives (Apache:
Action) are used to redirect requests to documents like
http://my.host/secret/script.php to the
PHP interpreter. With this setup, the web server first checks
the access permissions to the directory /secret, and after that creates the
redirected request http://my.host/cgi-bin/php/secret/script.php.
Unfortunately, if the request is originally given in this form,
no access checks are made by web server for file /secret/script.php, but only for the
/cgi-bin/php file. This way
any user able to access /cgi-bin/php is able to access any
protected document on the web server.
In PHP, compile-time configuration option --enable-force-cgi-redirect
and runtime configuration directives doc_root and user_dir can be used to prevent
this attack, if the server document tree has any directories
with access restrictions. See below for full the explanation
of the different combinations.
Web Hosting Showcase
View the web hosting
showcase to find more relevant web hosting choice that will guide you in
selecting a good web hosting company.
This site provide
free reviews of web hosting services from 100 selected companies. There
are over 3000 over website hosting companies on the internet. Please
research these domain hosting services carefully before you sign up with
any. Read articles on web page hosting, web site hosting, domain names,
website speed test, cheap web hosting services, PHP scripts, mysql
database, asp hosting and virtual private server to gain a better
knowledge on domain hosting and cheap web hosting.
