PHP Environment strings and security question

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I have a few questions about PHP and environment strings, specifically

I am trying to get a clear understand on what these values should be when
created by a web server script mapping implementation (in this case, our
Wildcat! Web Server).

By example, if the URL are:


public vs private refers to authentication requiired by web server (enforced
by the web
server based on the folder).

The engine is defined by the script map table,  for example:

      Extension:  .PHP
      Engine:   d:/php4/php.exe

What would be the PATH_INFO and PATH_TRANSLATED with or without arguments?

I'm asking because it seems to me, from a CGI standard, a PHP call would
look like, for example:




Is this correct?

Finally, in terms of authentication and security, it is a good idea not to
expose the
direct physical path information to this script?  or is this a red-herring
in the sense that any possible malicious script already loaded/installed on
the server has already got into the door?

Thanks in advance

-- hector

Site Timeline