Stealing my Code

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

anthony88guy
Forum Contributor
Posts: 246
Joined: Thu Jan 20, 2005 8:22 pm

Stealing my Code

Post by anthony88guy »

So I made a PHP program that lets you send me a comment on my website. So my friend is like, yeah, I can get your code, like I steal SWF off Newgrounds. So he said if I can, you give me $5, and vice versa. So I let him; we're at the library on my free period and he does the following code.

Code:

<html>
<head> Whatever
</head>
<body>
<a href="link to php file he wants">
</body>
</html>
Now would this get the file and be able to save it? I hope I didn't lose $5, and this would be a major security flaw if this can happen.

anthony
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The link does nothing useful if the PHP file being requested is parsed by the server, which it should be.
anthony88guy
Forum Contributor
Posts: 246
Joined: Thu Jan 20, 2005 8:22 pm

Post by anthony88guy »

"parsed by the server"
What does this mean?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If the file extension is known to the server as a PHP file, the server will only send the output generated by the script, not the script itself.
anthony88guy
Forum Contributor
Posts: 246
Joined: Thu Jan 20, 2005 8:22 pm

Post by anthony88guy »

So I made myself $5.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Make a couple more bets with your friend and then buy feyd a couple of beers, he deserves them.
kaYak
Forum Commoner
Posts: 65
Joined: Mon Feb 02, 2004 2:43 pm
Location: USA

Post by kaYak »

Like feyd said, the file should be parsed by the server. When parsed by the server it can only output HTML to the browser; no PHP will be shown. If PHP is installed on the server and PHP scripts are defined to have the file extension .php there should be no problems. If you try this locally on your computer and not on the server, then it should pop up a download box to download the script, but that really is beside the point. So you won the bet. :D Maybe your friend was thinking of getting JavaScript by viewing the source.
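Added example, not part of any post in this thread: a check a site owner can run against the response their own server gives for a .php URL, to tell "parsed by the server" apart from the unparsed and download-box cases described above. The header names are standard HTTP; the function name, verdict labels and sample responses are constructed for illustration.

```python
import re

# Raw PHP open tags ("<?php" or "<?=") never reach the client when the handler runs.
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Content types that suggest the file was served as-is instead of being executed.
RAW_TYPES = ("application/x-httpd-php", "application/x-php", "text/x-php",
             "application/octet-stream", "text/plain")


def classify(headers, body):
    """Return (verdict, reasons) for the response to a request for a .php URL.

    headers: dict of response headers, body: response body as bytes.
    """
    h = {k.lower(): v.lower() for k, v in headers.items()}
    reasons = []
    if PHP_TAG.search(body):
        reasons.append("raw PHP open tag in body")
    ctype = h.get("content-type", "").split(";")[0].strip()
    if ctype in RAW_TYPES:
        reasons.append("content-type " + ctype)
    if "attachment" in h.get("content-disposition", ""):
        reasons.append("served as a download")
    # A visible open tag is conclusive; header hints alone only warrant a look,
    # because a script may legitimately emit text/plain or a file download.
    if reasons and reasons[0].startswith("raw PHP"):
        return "SOURCE_EXPOSED", reasons
    return ("SUSPICIOUS" if reasons else "PARSED"), reasons


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "parsed": ({"Content-Type": "text/html; charset=UTF-8"},
               b"<html><body>Thanks for your comment!</body></html>"),
    "no_handler": ({"Content-Type": "application/x-httpd-php"},
                   b"<?php mail($to, 'Comment', $_POST['msg']); ?>"),
    "download": ({"Content-Type": "application/octet-stream",
                  "Content-Disposition": "attachment; filename=comment.php"},
                 b"\x00binary"),
}

if __name__ == "__main__":
    for name, (headers, body) in SAMPLES.items():
        print(name, *classify(headers, body))
```
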
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Depends, if he specifically said your PHP code, he loses. If he said your code, he could say he was referring to the HTML, which he COULD get.

Better beware.
kaYak
Forum Commoner
Posts: 65
Joined: Mon Feb 02, 2004 2:43 pm
Location: USA

Post by kaYak »

LiLpunkSkateR wrote: Depends, if he specifically said your PHP code, he loses. If he said your code, he could say he was referring to the HTML, which he COULD get.

Better beware.
Well, he said he wrote a PHP script so it seems as though he would be referring to that, but I suppose he could mean HTML.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Do you have anything in your HTML that no one has ever done before? No. So who cares anyway?
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

His $5 cares.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

LiLpunkSkateR wrote:His $5 cares.
I was referring to why would you make a bet on stealing HTML code... woopdidoo! 8)
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Of course, there's always the slight possibility that you got a really crappy webhost and they don't have PHP support.

That or it's a Windows server.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Ambush Commander wrote: That or it's a Windows server.
I run a WAMP server thank you very much. :roll:

The operating system has nothing to do with how he's stealing it. If you look at the code, the kinds of things he could "steal" (aka download) would include static files (html, css, js, mov, swf, etc.).
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Most shared hosting gives you ASP for Windows and PHP for Unix-based systems. True, I use Windows and I have PHP running too. Ah well. I guess I haven't seen enough webservers out there.
"The operating system has nothing to do with how he's stealing it. If you look at the code, the kinds of things he could "steal" (aka download) would include static files (html, css, js, mov, swf, etc.)."
Yes. We shall not go into a rant about how futile it is to try to obfuscate HTML code, for all attempts shall end in VAIN!!! I guess it's the server config that really has to do with it. My mistake.