Protect web content


webdevelopa
02-21-2007, 02:13 AM
Hi All,

I am a web developer and I am lately becoming fairly security conscious.

So two questions for you and any help appreciated.

1) I have my hesitations about my web code being revealed to everyone through the "view page source" feature of web browsers. Apparently the source review may reveal quite a few hints that affect security. Is there a way to prevent people from seeing this?

2) Being a web developer (especially PHP) I would like to know how I can restrict my programs to run on specific domains only. In this way if someone steals my code he cannot deploy it on his server.


Thanks for your help all

peter

kwikness
02-21-2007, 07:32 AM
Look at the stickies!!!!!!! It's the first post in the forum!!!!!

aussie girl
02-21-2007, 08:22 AM
You cannot steal PHP code unless someone hacks into your server and gets the files.

NogDog
02-21-2007, 02:00 PM
If on Apache, be sure to turn off the option to show an FTP directory listing if the user browses to a directory that does not have a default file. One way is to add the following line to a .htaccess file in your web root directory:

Options -Indexes

(Or else make sure every directory has a default file in it, e.g.: an index.html file.)

the tree
02-21-2007, 02:28 PM
> I have my hesitations about my web code being revealed to everyone through the "view page source" feature of web browsers. Apparently the source review may reveal quite a few hints that affect security. Is there a way to prevent people from seeing this?

If your source code contains any leads to security flaws, then it is simply horrifically coded.

trepidity
02-21-2007, 02:44 PM
webdevelopa, you have nothing to worry about at all unless you have some way for people to access the PHP files on your server other than through your web server's (i.e. Apache, IIS, etc.) assigned port. The whole idea in PHP scripting is that the server looks at the code and executes it before responding to the client. So all the client should get is the output. As far as hiding your HTML, JavaScript, CSS or any other client-side code: you can't. It's data being sent to the client for client-side interpretation, so there is always going to be a way for the user to get it. As long as PHP is running on the particular server, you're fine. If somehow you turn it off then you're screwed. But otherwise I wouldn't be worried. :)
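
A check for the two exposures NogDog and trepidity describe above, added here as an example and not posted by anyone in the thread: it flags a default Apache directory listing and PHP source returned unexecuted. The URLs and response bodies are constructed samples, and the function names are hypothetical.

```python
import re

# Default Apache mod_autoindex pages are titled "Index of /<path>".
AUTOINDEX_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)
# A raw PHP open tag in a response body means the file was sent, not executed.
# "<?xml" is deliberately not matched.
PHP_SOURCE_RE = re.compile(r"<\?(php\b|=)", re.IGNORECASE)


def audit_response(url, status, content_type, body):
    """Return findings for one HTTP response fetched from your own site."""
    findings = []
    if status != 200:
        return findings  # 403/404 means nothing was exposed at this URL
    if AUTOINDEX_RE.search(body):
        findings.append(f"{url}: directory listing exposed; set 'Options -Indexes'")
    if PHP_SOURCE_RE.search(body):
        findings.append(f"{url}: PHP source served unexecuted as {content_type}")
    return findings


def audit_all(responses):
    """Audit a list of (url, status, content_type, body) tuples."""
    findings = []
    for url, status, content_type, body in responses:
        findings.extend(audit_response(url, status, content_type, body))
    return findings


# Constructed sample responses (not captured from any real server).
SAMPLES = [
    ("https://example.test/images/", 200, "text/html",
     "<html><head><title>Index of /images</title></head>"
     "<body><h1>Index of /images</h1></body></html>"),
    ("https://example.test/login.php", 200, "text/plain",
     "<?php\n$db_pass = 'constructed-sample';\n?>"),
    ("https://example.test/index.php", 200, "text/html",
     "<html><body><h1>Welcome</h1></body></html>"),
    ("https://example.test/uploads/", 403, "text/html",
     "<title>403 Forbidden</title>"),
]

if __name__ == "__main__":
    for line in audit_all(SAMPLES):
        print(line)
```

Feed it the status, Content-Type and body of responses fetched from your own site after any change to the PHP handler or .htaccess configuration.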