Notices
Read No. 243 article 2005-11-05 12:30:34
NickName   풀비누
Subject   [Security] PHP update 4.4.1
An urgent security-bug update to PHP has been applied.
Security level: Urgent / Critical

php --------------
Previous : 4.3.10
New : 4.4.1

Zend Optimizer ---
Previous : 2.5.7
New : 2.5.10a

Details --------

1) GLOBAL variable modification vulnerability caused by a defect in the POST parameter handling functions
When a file upload is implemented with a "multipart/form-data" POST, a defect in the implementation of the extract() and import_request_variables() functions, which process the variable values sent by the client, allows a remote attacker to modify GLOBAL environment variables. In php.ini, the file that defines the PHP environment, the variables_order directive, which specifies the order in which parameters are processed, is set to 'EGPCS' (Environment, GET, POST, Cookie, Server) by default, and in that configuration the system can be exposed to attacks using this vulnerability.

2) register_globals activation vulnerability caused by a defect in the PHP parse_str() function
A defect in parse_str(), the function that processes a given string as if it were a URL query string, makes it possible to switch the register_globals directive (the php.ini setting that controls whether environment variables and request parameters are registered as global variables) to 'on'. (Since PHP 4.2.0 the default value of the register_globals directive in php.ini is off.)

3) Cross-Site Scripting vulnerability in the phpinfo() function
The phpinfo() function, which prints assorted information about PHP, has a Cross-Site Scripting vulnerability caused by missing input validation.
If a website has been built using the vulnerable phpinfo() function, an attacker can carry out a Cross-Site Scripting attack that runs malicious script in the web browsers of users who visit that website.

4) Buffer Overflow vulnerability in the PCRE library
The PCRE (Perl Compatible Regular Expression) library, which provides regular-expression compatibility with the Perl language, has a Buffer Overflow vulnerability. By having the target system process a crafted regular expression, an attacker can exploit this vulnerability to execute arbitrary commands on that system.

5) Security-setting bypass vulnerability caused by defects in the ext/curl and ext/gd extension modules
Implementation defects in two PHP extension modules, curl (Client URL Library), which supports communication between heterogeneous systems, and gd (Graphic Design), which supports various kinds of image processing, allow a remote attacker to access files that are not permitted.
By exploiting this vulnerability an attacker can access arbitrary files regardless of the php.ini settings for safe_mode, the directive that compares the owner of a PHP script with the owner of the files that script references, and open_basedir, the directive that restricts the directory locations a PHP script may reference.

6) Security-setting bypass vulnerability caused by a defect in the virtual() function
An implementation defect in virtual(), the function that includes an executable script under Apache2, allows security settings such as safe_mode and open_basedir to be bypassed so that arbitrary files can be accessed.


Thank you.
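As an added example (not part of this notice or of the hosting provider's tooling), the following Python audit reads a PHP version string and a php.ini excerpt and reports whether a server still shows the pre-update conditions described above: a version older than 4.4.1, register_globals switched on, and the default 'EGPCS' variables_order that issue 1 depends on. The php.ini excerpt is constructed, and treating an E in variables_order as a finding is an assumption of this example, not advice taken from the notice.

```python
import re

# Fixed release named in the notice; anything older carries the six issues listed.
MIN_PHP_VERSION = (4, 4, 1)

# Constructed sample: a php.ini excerpt in the state before the update, not a real server's.
SAMPLE_INI = """
; constructed excerpt for the example
[PHP]
register_globals = On
variables_order = "EGPCS"
safe_mode = On
open_basedir = /home/user/public_html
"""

def parse_version(text):
    """'4.3.10' -> (4, 3, 10); compared numerically, not as a string."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("unrecognised PHP version: %r" % text)
    return tuple(int(x) for x in m.groups())

def parse_ini(text):
    """Minimal php.ini reader: skips comments and [sections], strips quotes, lowercases keys."""
    directives = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        directives[key.lower()] = value.strip('"')
    return directives

def audit(version_text, ini_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    version = parse_version(version_text)
    ini = parse_ini(ini_text)
    if version < MIN_PHP_VERSION:
        findings.append("PHP %s predates 4.4.1: fixes for extract()/import_request_variables(), "
                        "parse_str(), phpinfo(), PCRE, curl/gd and virtual() are missing; "
                        "safe_mode/open_basedir alone do not compensate" % version_text)
    if ini.get("register_globals", "off").lower() in ("on", "1", "true"):
        findings.append("register_globals is On: request data becomes global variables")
    if "e" in ini.get("variables_order", "EGPCS").lower():  # EGPCS is PHP's default
        findings.append("variables_order includes E (environment), the default the notice "
                        "describes as exposed to issue 1 (assumption: drop E to harden)")
    return findings

if __name__ == "__main__":
    for finding in audit("4.3.10", SAMPLE_INI):
        print("-", finding)
```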