[thelist] Securing PHP source WAS: Use PHP for content?
MarsHall
evolt at marsorange.com
Thu Nov 21 16:31:00 CST 2002
On Thursday, Nov 21, 2002, at 16:13 US/Central, Alex Ezell wrote:
> How does one go about securing their PHP source code?
PHP is, by default, relatively secure. Of course HOW you build your PHP
scripts and config your server will dictate the inherent security risks
for your server. For the most authoritative explanation of PHP
security, see:
http://www.php.net/manual/en/security.php
The person who coded that site ( http://www.camst.net/ ) simply made a
mistake. They put a block of PHP code with an include in their index
file, but made that file .html instead of .php. So, if you view the
source of the site's index page, you see that unparsed PHP code,
revealing the name of a completely unsecured .inc file.
Maybe they switched the extension on that file from .php to .html
extension because it was loading so slow as .php. [chuckle]
Mars :)
More information about the thelist
mailing list