Page 1 of 1
PHP security
Posted: Wed Jul 03, 2002 8:01 am
by zed
I'm thinking about learning PHP. Last night, something started bothering me about it. Let's say that I am writing a login script for visitors to access my site. The script connects to a mysql database with its name and password. If I am a malicious user, can I just download the login.php file and obtain all of the PHP code, including the name and password of my database? How do PHP files transfer when you do a 'Save Target As.'
Mike
Posted: Wed Jul 03, 2002 8:29 am
by martin
I understand there are many concerns when learning to code php but the more you learn the clearer all will be. You can't download a php file unless someone wants you to or their server is not setup for php. This page is a .php script, look at the source and all you will see is the html.
Have some faith that the vast number of php coders out there would not be using it if it was a problem.
Good luck with your coding and remember to make good use of this forum.
Regards
Martin
Posted: Wed Jul 03, 2002 8:38 am
by twigletmac
They'll be parsed by the server (if it's set up to parse .php files as php) and all the nasty person will get is whatever the output of the page would have been if they had just clicked on the link as normal. So they won't get your username as password that way.
To test this out just save target as a page in this forum and check out what you get.
Mac

oops, too slow, thought I'd leave this up for reassurance though
Posted: Wed Jul 03, 2002 8:48 am
by zed
Sounds good. As long as it is automatically parsed by the server, it sounds good to me.
Much obliged.
Mike