PDA

Click to See Complete Forum and Search --> : PHP source secure?

Hopworks
04-27-2007, 08:43 PM
I'm not new to PHP, but I haven't spent the time needed to be considered good at it. I know enough to do what I want mostly, but now I'm working with MySQL and a concern popped into my head like a bomb going off...

Is my php code on my site secure from viewing? A tutorial I'm working through now talks about connecting to my database, and in the code is $connid = mysql_connect ('servername' , 'username' , 'password');What keeps someone from reading my source, getting that login information, and compromising my database?
The database contains useless info for anything else but my specific task at hand, not like login info or anything.
And I'm real careful with my ftp info and database info. I'm just talking about someone getting that info out of a folder on my site, like view source for html.

Thanks!
Hop
NogDog
04-27-2007, 09:43 PM
The only way anyone should be able to see your PHP source code is if they have FTP access or login access to your site, or if you do not have a default web page in a given directory and your webserver settings allow for automatic FTP directory listing in that case. If on Apache web server, you can turn off that behavior in a .htaccess file in you web root directory with this line:

Options -Indexes
Hopworks
04-27-2007, 09:46 PM
The only way anyone should be able to see your PHP source code is if they have FTP access or login access to your site, or if you do not have a default web page in a given directory and your webserver settings allow for automatic FTP directory listing in that case. If on Apache web server, you can turn off that behavior in a .htaccess file in you web root directory with this line:

Options -Indexes

Thank you! I wondered how I could do that, and I'm doing that right now, and thank you for the reassurance about my code. =)
Hop
matt_fawcett
04-28-2007, 12:18 PM
I usually put secure details such as passwords below the root of the apache directory. that way if anything happens with php your source isnt viewable
bokeh
04-30-2007, 02:54 AM
The only way anyone should be able to see your PHP source code is if they have FTP access or login access to your siteThat's not true. Any file with 0644 permission can be read by the webserver allowing anyone that shares the server to read it.