Page 1 of 1

Viewing PHP source code...

Posted: Thu Aug 08, 2002 2:08 am
by Hebbs
I am keen to secure my site as much as possible and have just been told there are somes holes in PHP which allow users to view the source code.

One of my main reasons for using PHP was to prevent this.

Can anyone shed any light on what some of these methods to view PHP source code are and any actions that I can take to lock my scripts down further?

Hebbs

Posted: Thu Aug 08, 2002 2:27 am
by twigletmac
If your scripts have .inc extensions or any others that won't be parsed as PHP then your source code could be vunerable if users guess the names of your files. If you have all your files with .php extensions then all the code will be parsed before it gets to the browser and unless you're echoing all your code to the screen you should be ok.

Mac