PHP.ini (expose_php)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
gbow
Forum Newbie
Posts: 12
Joined: Wed Feb 18, 2004 6:28 am

PHP.ini (expose_php)

Post by gbow »

Hi

I am currently reviewing php security practices and am looking into a variety of options. just wondering if turning 'expose_php' to off in the php.ini file will have any effect on my existing code? thats all thanks.
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

;
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
gbow
Forum Newbie
Posts: 12
Joined: Wed Feb 18, 2004 6:28 am

Post by gbow »

many thanks
no real need to do it then :D
seeing as when all pages are .php it pretty much gives away the fact that php is being used... :wink:

is it possible for people to get at the php code i use on my pages?
i know it doesnt show up when people view source but is it possible for them to get at using other methods?
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Post by liljester »

not that i am aware of, when the webserver serves out the php it executes the code in the <? ?> blocks... the only way i could think of is if someone hacked your ftp, or otherwise compromised your system and got access to the files themselves.
gbow
Forum Newbie
Posts: 12
Joined: Wed Feb 18, 2004 6:28 am

Post by gbow »

thats what i thought - but you never know these days!
User avatar
Ixplodestuff8
Forum Commoner
Posts: 60
Joined: Mon Feb 09, 2004 8:17 pm
Location: Queens, New York

Post by Ixplodestuff8 »

You could just make a script that allows you to view the source using highlight_file, or copy the file and name it filename.phps

edit: oops, you wanted to make sure it couldn't be done. :oops:
gbow
Forum Newbie
Posts: 12
Joined: Wed Feb 18, 2004 6:28 am

Post by gbow »

correct
im just worried that people might be able to steal parts of my code that i dont want the world to see :wink:
Post Reply