Hi
I am worrying about my php codes. I know they are not visible in browser, but can some bad people steal my php codes? If they can, how can I stop them? Please answer, I'm new in php :S
Thanks for your answers
Question about security
stratbeans
- Forum Newbie
- Posts: 12
- Joined: Sat Aug 29, 2009 2:23 am
Re: Question about security
Your specific security concern is about the visibility of your source code.
The webserver (apache or otherwise) configuration plays an important role in guarding against such breaches - You might want to explore that.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Question about security
No one can read your PHP source code just like that, but you might have written something that allows anyone to crack into your application. I think it would be wiser to learn PHP before even worrying about security.
Re: Question about security
kaisellgren is probably very good at php and been coding for years... I am learning php too and I think it's a bad idea to worry about security later and learn php first because to start using it you'll probably get a shared webhost and if you don't worry about security to start you'll make vulnerable code and the account might get hacked and then suspended by the webhost. A lot of security is good programming like initializing all variables to start, whitelist > blacklist etc. And of course when you pick a webhost you're locked in for a year so have to decide what kind of security features you want (some webhosts have awful features like register_globals on with no way to disable it). If you worry later, you will find out about it later, maybe when your shared acct. is hacked sending spam.
If you are really worried about security learn php on local machine with no physical connection to internet maybe with http://www.apachefriends.org/en/xampp.html then you don't have to worry about getting hacked while you're learning.
Re: Question about security
Well, theoretically, it's not true that "no one else" can read them, contrary to what most folks seem to believe.
Actually, anyone who has an account on the same web server technically has the ability to view your source code. Unless there are a bunch of functions disabled, it's always possible to write code to look outside of your directories and generate listings and work on those files (almost always read them). This is the nature of how *nix permissions work. Most files are stored on a *nix server at usually the least of 0644, which means anyone on the server can read your files (the owner reads and writes, the group and everyone else just reads).
And, if you think about it (again, unless there are functions disabled, safe mode on or something like that) it should also be technically possible to manipulate other people's configuration files who are on the same server as you. A lot of software vendors mention CHMOD 0777 to certain directories or files. This literally means that any system user on that server has access to write to those files/directories or delete them (0777 = read/write/execute for everyone).
The likelihood of this ever being a serious issue is unlikely, but the chance is there, and I did play around with it once upon a time when I was much more stupid. You just need to be on the same physical server as the user and the above scenarios usually (not always) apply.
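The 0644 and 0777 cases described in the last post can be checked on your own account with a short audit. This is an added example, not code from any of the posters; the function names are hypothetical and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a web root for the permission bits discussed above.
# All function names are hypothetical; the sample tree below is constructed.

# Files and directories any local account may modify or delete (the 0777 case).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# PHP source and config files any local account may read (the 0644 case).
world_readable_code() {
    find "$1" -type f \( -name '*.php' -o -name '*.inc' -o -name '*.ini' \) \
        -perm -0004 -print | sort
}

# One tagged line per finding, with the permission string from ls.
audit_webroot() {
    world_writable "$1" | while IFS= read -r p; do
        printf 'ANY-USER-CAN-MODIFY %s %s\n' "$(ls -ld "$p" | cut -c1-10)" "$p"
    done
    world_readable_code "$1" | while IFS= read -r p; do
        printf 'ANY-USER-CAN-READ %s %s\n' "$(ls -ld "$p" | cut -c1-10)" "$p"
    done
}

# Build a constructed sample tree: an upload directory at 0777, a config
# file at 0644, and the same kind of file restricted to its owner (0600).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    chmod 0755 "$d"
    mkdir "$d/uploads" && chmod 0777 "$d/uploads"
    echo '<?php $db_pass = "example";' > "$d/config.php" && chmod 0644 "$d/config.php"
    echo '<?php // owner-only copy' > "$d/private.php" && chmod 0600 "$d/private.php"
    echo "$d"
}

# Usage: sh audit.sh /path/to/your/webroot
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Whether the read bit for "others" can be removed from a flagged file depends on which account the host runs PHP under: if PHP runs as your own user, 0600 on files holding credentials still works; if it runs as a shared web server user, that user needs read access some other way.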