Need help preventing PHP code leakage
Posted: Fri Oct 01, 2010 12:25 pm
[NOTE: I previously had this post in the security section but nobody responded to it.]
Hi all,
I've been reading about and implementing many PHP security measures before I launch my site, but I'm not finding a lot of information on preventing PHP code leakage. If you google "facebook code leakage," you get a bunch of matches explaining how their homepage PHP code was displayed for all to see. Most people are saying it is related to mod_php not being available.
If you google "prevent PHP code leak" or variations of that, you don't get a whole lot of useful tactics. A few websites mention using mod_security to prevent code leakage, and another recommends using htaccess to detect if mod_php is available before sending data out.
I'm leaning towards putting the following lines in htaccess, but I'm hesitant because the solution is not widely published:
<IfModule !mod_php5.c>
<FilesMatch "\.php$">
Order allow,deny
Deny from all
Allow from none
</FilesMatch>
</IfModule>
So I guess what I want to know is: what is the best or most common way to prevent code leakage?
Thanks,
meefozio
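An added example, not part of the original post: one way to verify from the outside whether a .php URL is being executed, blocked by a rule like the one above, or served as raw source. The canary string, the sample responses and the function names are constructed for illustration.

```python
import re

# Raw PHP open tags reach the client only when the interpreter did not run.
# "<?xml" is deliberately not matched, so XML emitted by a working script passes.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Content types Apache uses for .php files that no handler processed.
UNPARSED_TYPES = {"application/x-httpd-php", "application/x-httpd-php-source"}
# Hypothetical marker placed inside a PHP comment in a probe file; it can only
# appear in a response if the source itself was served.
CANARY = b"LEAK-CANARY-7f3a"

def classify(status, headers, body):
    """Classify one response to a .php URL as 'blocked', 'leak' or 'ok'."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if status == 403:
        return "blocked"  # the deny rule answered instead of the file
    if status == 200:
        if ctype in UNPARSED_TYPES or CANARY in body or PHP_OPEN_TAG.search(body):
            return "leak"
    return "ok"

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("mod_php loaded, script ran",
     200, {"Content-Type": "text/html; charset=UTF-8"}, b"ok"),
    ("mod_php missing, no deny rule, served as text",
     200, {"Content-Type": "text/plain"},
     b"<?php /* LEAK-CANARY-7f3a */ echo 'ok';"),
    ("mod_php missing, no deny rule, offered as download",
     200, {"Content-Type": "application/x-httpd-php"}, b"(file bytes)"),
    ("mod_php missing, deny rule active",
     403, {"Content-Type": "text/html"}, b"<h1>Forbidden</h1>"),
    ("working script that emits XML",
     200, {"Content-Type": "application/xml"}, b'<?xml version="1.0"?><r/>'),
]

def run_samples():
    """Return (description, verdict) for every constructed sample."""
    return [(name, classify(s, h, b)) for name, s, h, b in SAMPLES]

if __name__ == "__main__":
    for name, verdict in run_samples():
        print(f"{verdict:8} {name}")
```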