Using PHP handler for HTML pages dangerous?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Heikos
Forum Newbie
Posts: 2
Joined: Wed May 12, 2010 4:28 am

Using PHP handler for HTML pages dangerous?

Post by Heikos »

Hi,

Recently, I've protected a bunch of HTML files by adding some PHP to it via the following rules in httpd.conf

<Directory /targetdirectory>
php_value auto_prepend_file /webdirectory/add.php
</Directory>

In add.php there is some code to check if a user is logged on. If not, then redirect to index.php.

I've heard that this solution is not a very good one, because of its performance cost and it being dangerous for it may, among other things, cause problems when processing multiple files at once due to a lack of locking or something.

My question thus is: can I use this solution safely?

Thanks in advance!
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Using PHP handler for HTML pages dangerous?

Post by Christopher »

That will work. There will not be "problems when processing multiple files at once due to a lack of locking or something."
(#10850)
Heikos
Forum Newbie
Posts: 2
Joined: Wed May 12, 2010 4:28 am

Re: Using PHP handler for HTML pages dangerous?

Post by Heikos »

Thanks a lot!
Post Reply