Page 1 of 1
PHP.ini (expose_php)
Posted: Wed Feb 18, 2004 6:28 am
by gbow
Hi
I am currently reviewing php security practices and am looking into a variety of options. just wondering if turning 'expose_php' to off in the php.ini file will have any effect on my existing code? thats all thanks.
Posted: Wed Feb 18, 2004 1:58 pm
by ol4pr0
;
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
Posted: Fri Feb 20, 2004 5:19 am
by gbow
many thanks
no real need to do it then
seeing as when all pages are .php it pretty much gives away the fact that php is being used...
is it possible for people to get at the php code i use on my pages?
i know it doesnt show up when people view source but is it possible for them to get at using other methods?
Posted: Fri Feb 20, 2004 9:50 am
by liljester
not that i am aware of, when the webserver serves out the php it executes the code in the <? ?> blocks... the only way i could think of is if someone hacked your ftp, or otherwise compromised your system and got access to the files themselves.
Posted: Fri Feb 20, 2004 10:02 am
by gbow
thats what i thought - but you never know these days!
Posted: Fri Feb 20, 2004 12:32 pm
by Ixplodestuff8
You could just make a script that allows you to view the source using
highlight_file, or copy the file and name it filename.phps
edit: oops, you wanted to make sure it couldn't be done.

Posted: Mon Feb 23, 2004 3:11 am
by gbow
correct
im just worried that people might be able to steal parts of my code that i dont want the world to see
