Page 1 of 1

is this secure?

Posted: Mon Sep 25, 2006 8:08 am
by speedy33417
I'm trying to make some part of my website password protected. Schedules, client infos, etc.

My idea is to build a skeleton page and include the content from a folder. The content inc filename would be saved in a database and pulled for a specific user.

Because the php part of my code cannot be viewed, the directory should be safe as long as I don't provide a link to download any files from there.

Am I right?

Thanks.

Posted: Mon Sep 25, 2006 9:18 am
by a94060
its basically what your saying,you jus include the db connections from some weired named folder and even if they find it,it will all be parsed by the php parser and will not show up.

Posted: Mon Sep 25, 2006 10:43 am
by Luke
I believe that's called Security through Obscurity. I find it to be bad practice. People may not be able to find the files... but they are out in the open regardless.

Posted: Mon Sep 25, 2006 11:27 am
by speedy33417
Yes, but I mean it's not like top secret information.

I could, on top of it, password protect that folder using htaccess. Or would that not allow me to include the file?

Or what would you suggest?

Posted: Mon Sep 25, 2006 2:55 pm
by a94060
this question comes up a lot and i think (if im right) that it wouldnt really matter where you put the file because as long as its php data,it will be parsed and if it does not echo anything,you shouldnt leak anything.

Code: Select all

<?php
mysql_connect(host,user,pass);
?>
to my knowelge if i were to put that into a file and then try to access it from my broswer,it would just bring up a white blank window

Posted: Mon Sep 25, 2006 3:23 pm
by patrikG
if you have reason to protect it, protect it. If you want anyone to have access to it: don't.

http://www.php.net/features.http-auth