Hiding PHP scripts?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

DoctorT
Forum Newbie
Posts: 3
Joined: Thu Mar 31, 2011 4:56 am

Hiding PHP scripts?

Post by DoctorT »

Hi!

I am using a formmail php script that includes my real email address. The script is stored in the public_html folder. Can "bots" harvest the address?

FYI, the HTML form that calls the script uses an alias email address instead of the real address.

Thank you.

Dr. T.
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Hiding PHP scripts?

Post by califdon »

Only if they know or can guess the filename of the script.
DoctorT
Forum Newbie
Posts: 3
Joined: Thu Mar 31, 2011 4:56 am

Re: Hiding PHP scripts?

Post by DoctorT »

Califdon,

Thank you for your reply.

Unfortunately, it's a third-party script (Tectite's) and the filename is FormMail.php.

Dr. T.
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Hiding PHP scripts?

Post by califdon »

Personally, I wouldn't worry about it. If there were thousands of email addresses that somebody might want to harvest (or if it were your bank account PIN number or something), it might be worth changing the filename to something nonstandard and changing the script that calls it, but the risk that somebody will really go out of their way to harvest one email address is approaching the vanishing point. Those guys deal in millions of addresses; they don't waste their time on getting one.
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Hiding PHP scripts?

Post by flying_circus »

califdon wrote: Only if they know or can guess the filename of the script.

Hey Califdon,

Can you clarify what you're seeing that I'm not? If the email address is in a PHP file, how can a bot harvest it?