mouseattack
05-27-2005, 03:58 PM
Hello,
I need some help testing a php script on a PERSONAL windows xp home edition SP 2 pc.
So far, I've only downloaded the PHP 5.0.4 MSI installer windows binary, and haven't installed it yet.
I am curious and worried about vurnerabilities if I install it on a pc, would it be a security risk if I was NOT running a webserver, Apache is not installed and windows firewall has all ports unchecked, so there are no remote connections allowed (I believe).
Would someone be able to do something like
http://66.159.185.155:80/index.php?id=programfiles/blah/blah/blah and access all or any of my files on the pc? (WITHOUT a webserver being installed), and will my php scripts run when I double click them, will they parse as php and I can test them out ? Would things like INCLUDE("http://www.yahoo.com") work "meaning file_open " ?
What happens if I do install apache,THEN the above vurnerabiltiy would work right? How would I go about securying it so, I can run a website from my pc and without getting "rooted' as you guys like to say.
Windows XP Home SP2 (latest upgraded), would professional edition be any better? I can do that easily, I just don't care to change my personal pc to a flavor of linux since I am not at all familiar with linux GUI and I don't think ANY of my programs would run correctly on linux, even with a windows emu they would still have errors.
Thank you.
I need some help testing a php script on a PERSONAL windows xp home edition SP 2 pc.
So far, I've only downloaded the PHP 5.0.4 MSI installer windows binary, and haven't installed it yet.
I am curious and worried about vurnerabilities if I install it on a pc, would it be a security risk if I was NOT running a webserver, Apache is not installed and windows firewall has all ports unchecked, so there are no remote connections allowed (I believe).
Would someone be able to do something like
http://66.159.185.155:80/index.php?id=programfiles/blah/blah/blah and access all or any of my files on the pc? (WITHOUT a webserver being installed), and will my php scripts run when I double click them, will they parse as php and I can test them out ? Would things like INCLUDE("http://www.yahoo.com") work "meaning file_open " ?
What happens if I do install apache,THEN the above vurnerabiltiy would work right? How would I go about securying it so, I can run a website from my pc and without getting "rooted' as you guys like to say.
Windows XP Home SP2 (latest upgraded), would professional edition be any better? I can do that easily, I just don't care to change my personal pc to a flavor of linux since I am not at all familiar with linux GUI and I don't think ANY of my programs would run correctly on linux, even with a windows emu they would still have errors.
Thank you.