is this secure?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

speedy33417
Forum Contributor
Posts: 128
Joined: Sun Jul 23, 2006 1:14 pm

Post by speedy33417 »

I'm trying to make some part of my website password protected. Schedules, client info, etc.

My idea is to build a skeleton page and include the content from a folder. The content inc filename would be saved in a database and pulled for a specific user.

Because the php part of my code cannot be viewed, the directory should be safe as long as I don't provide a link to download any files from there.

Am I right?

Thanks.
a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Post by a94060 »

It's basically what you're saying: you just include the db connections from some weirdly named folder, and even if they find it, it will all be parsed by the PHP parser and will not show up.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I believe that's called Security through Obscurity. I find it to be bad practice. People may not be able to find the files... but they are out in the open regardless.
speedy33417
Forum Contributor
Posts: 128
Joined: Sun Jul 23, 2006 1:14 pm

Post by speedy33417 »

Yes, but I mean it's not like top secret information.

I could, on top of it, password protect that folder using htaccess. Or would that not allow me to include the file?

Or what would you suggest?
a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Post by a94060 »

This question comes up a lot, and I think (if I'm right) that it wouldn't really matter where you put the file, because as long as it's PHP data, it will be parsed, and if it does not echo anything, you shouldn't leak anything.

Code:

<?php
// Placeholder credentials; nothing in this file echoes output.
// mysqli_connect() is used because mysql_connect() was removed in PHP 7.
mysqli_connect('host', 'user', 'pass');
?>

To my knowledge, if I were to put that into a file and then try to access it from my browser, it would just bring up a white blank window.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

If you have reason to protect it, protect it. If you want anyone to have access to it: don't.

http://www.php.net/features.http-auth
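
An added example, not code from any poster in this thread: the skeleton page from the first post, gated with the HTTP authentication the link above documents, and including only the content file assigned to the authenticated user. The content directory path, the `find_user()` lookup (a constructed stand-in for the database), the sample account and the helper names are assumptions; the page is assumed to be served over HTTPS.

```php
<?php
declare(strict_types=1);

// Assumption: content files live outside the document root, so they are
// reachable only through this page and never by a direct URL.
const CONTENT_DIR = '/var/www/private/content';

// Constructed sample standing in for the database lookup described in the
// thread: username => [password hash, content file assigned to that user].
function find_user(string $name): ?array
{
    $users = [
        'alice' => [password_hash('example-password', PASSWORD_DEFAULT), 'schedule_alice.inc.php'],
    ];
    return $users[$name] ?? null;
}

// Resolve a stored filename to a real file inside CONTENT_DIR, or null.
// basename() drops any directory part; realpath() resolves symlinks so the
// final prefix check cannot be bypassed by a link pointing elsewhere.
function resolve_content(string $file): ?string
{
    $base = realpath(CONTENT_DIR);
    $path = realpath(CONTENT_DIR . '/' . basename($file));
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Ask the browser for credentials and stop before any content is included.
function deny(): void
{
    header('WWW-Authenticate: Basic realm="Client area"');
    http_response_code(401);
    exit('Authentication required.');
}

$user = find_user($_SERVER['PHP_AUTH_USER'] ?? '');
if ($user === null || !password_verify($_SERVER['PHP_AUTH_PW'] ?? '', $user[0])) {
    deny();
}

$content = resolve_content($user[1]);
if ($content === null) {
    http_response_code(404);
    exit('No content assigned.');
}
require $content;
```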