
PHP.ini (expose_php)

Posted: Wed Feb 18, 2004 6:28 am
by gbow
Hi

I am currently reviewing PHP security practices and am looking into a variety of options. Just wondering if turning 'expose_php' to off in the php.ini file will have any effect on my existing code? That's all, thanks.

Posted: Wed Feb 18, 2004 1:58 pm
by ol4pr0
;
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
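
Added example, not part of the thread or any poster's code: a small audit that reads the effective expose_php value from php.ini text and lists the response headers that reveal PHP. The function names, the sample php.ini and the sample headers (including the version strings) are constructed for illustration.

```python
import re

def _ini_bool(value):
    # Approximates PHP's boolean ini parsing: on/yes/true, else atoi(value) != 0.
    v = value.strip().strip("\"'").lower()
    if v in ("on", "yes", "true"):
        return True
    m = re.match(r"[+-]?\d+", v)
    return bool(m) and int(m.group()) != 0

def expose_php_enabled(ini_text):
    """Effective expose_php value for the given php.ini text."""
    enabled = True  # compiled-in default is On, so a missing directive still exposes
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.match(r"(?i)expose_php\s*=\s*(.*)$", line)
        if m:
            enabled = _ini_bool(m.group(1))  # last assignment wins
    return enabled

def php_disclosures(raw_headers):
    """(header, value) pairs in a raw HTTP response header block that reveal PHP."""
    found = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "x-powered-by" and "php" in value.lower():
            found.append((name, value))
        elif name == "server" and re.search(r"(?i)\bPHP/[\d.]+", value):
            found.append((name, value))
    return found

# Constructed sample input (not taken from the thread).
SAMPLE_INI = """\
;expose_php = Off
expose_php = On
"""
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Server: Apache/1.3.29 (Unix) PHP/4.3.4
X-Powered-By: PHP/4.3.4
"""

if __name__ == "__main__":
    print("expose_php enabled:", expose_php_enabled(SAMPLE_INI))
    for name, value in php_disclosures(SAMPLE_HEADERS):
        print("discloses PHP:", name, "=", value)
```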

Posted: Fri Feb 20, 2004 5:19 am
by gbow
Many thanks.
No real need to do it then :D
Seeing as when all pages are .php it pretty much gives away the fact that PHP is being used... :wink:

Is it possible for people to get at the PHP code I use on my pages?
I know it doesn't show up when people view source, but is it possible for them to get at it using other methods?

Posted: Fri Feb 20, 2004 9:50 am
by liljester
Not that I am aware of. When the webserver serves out the PHP it executes the code in the <? ?> blocks... The only way I could think of is if someone hacked your FTP, or otherwise compromised your system and got access to the files themselves.

Posted: Fri Feb 20, 2004 10:02 am
by gbow
That's what I thought - but you never know these days!

Posted: Fri Feb 20, 2004 12:32 pm
by Ixplodestuff8
You could just make a script that allows you to view the source using highlight_file, or copy the file and name it filename.phps

Edit: oops, you wanted to make sure it couldn't be done. :oops:

Posted: Mon Feb 23, 2004 3:11 am
by gbow
Correct.
I'm just worried that people might be able to steal parts of my code that I don't want the world to see :wink: