fsockopen function

Discussion in 'PHP' started by MayurGondaliya, Oct 14, 2007.

  1. #1
    If the fsockopen function is enabled on the server, may it cause a vulnerability on the server? I have heard that it may cause exploitable threats on the server. Please let me know if anyone knows.
     
    MayurGondaliya, Oct 14, 2007
  2. sea otter

    #2
    Well...in general, no.

    fsockopen() is an "outbound" function; it does not sit there waiting for inbound connections the way a socket "accept" call does. You can only use it to initiate outbound connections to which the connected server will then respond.

    Now, if the server you connect to tries to exploit your system, then yes, you might have a problem.

    Also, if you create a server in php using the low-level socket functions (socket_create, socket_listen, socket_accept, etc.) you might very well open yourself up to a vulnerability, because now you're sitting there open to the world, waiting for someone to try and connect to you and break in.

    However, low-level socket functions are not compiled by default into PHP (e.g., --with-sockets is not enabled by default), and as of PHP 5.3.0 the entire library has been moved into PECL anyhow, so you'd really have to go out of your way to install it.

    All of that said, is there some specific scenario you had in mind?
     
    sea otter, Oct 14, 2007
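
The point made in reply #2, that fsockopen() only dials out and the exposure lies in which server you connect to and what it sends back, shown as an added example that is not part of the original thread. The allowlist, the limits and the function name `fetch_head` are assumptions chosen for illustration.

```php
<?php
// Added example: the host allowlist, port and size limits below are
// assumptions for illustration, not values from the thread.
const ALLOWED_HOSTS = ['example.com'];   // hypothetical allowlist
const MAX_RESPONSE_BYTES = 65536;        // cap on what we accept from the peer
const TIMEOUT_SECONDS = 5;

function fetch_head(string $host, int $port = 80): string
{
    // fsockopen() only initiates connections, so the main control is
    // where the script is allowed to connect.
    if (!in_array(strtolower($host), ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException("host not on allowlist: $host");
    }

    $fp = @fsockopen($host, $port, $errno, $errstr, TIMEOUT_SECONDS);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    // The connect timeout above does not cover reads; set that separately.
    stream_set_timeout($fp, TIMEOUT_SECONDS);

    fwrite($fp, "HEAD / HTTP/1.0\r\nHost: $host\r\nConnection: close\r\n\r\n");

    // Treat the reply as untrusted input: bound its size, stop on timeout.
    $response = '';
    while (!feof($fp) && strlen($response) < MAX_RESPONSE_BYTES) {
        $chunk = fread($fp, 4096);
        if ($chunk === false || stream_get_meta_data($fp)['timed_out']) {
            break;
        }
        $response .= $chunk;
    }
    fclose($fp);

    return substr($response, 0, MAX_RESPONSE_BYTES);
}

try {
    echo fetch_head('example.com');
} catch (Exception $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;
}
```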