Hi,
first post here so be gentle!!
I was recently asked a question to which I could not give a definitive answer, so thought it would be good to get the community's input.
If a user was to create a file (i.e., settings.php) with a PHP variable in it (i.e., $pass='blahblah'; ), how easy is it for a hacker to obtain this?
I have tried myself with some page scraping code and successfully could not retrieve the value.
Thoughts?
Paul
PHP code scraping
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Get a shared host account on the same server and try a few Perl, PHP or other language scripts to see if you can read the file. 
No, it shouldn't be possible using PHP from outside the webserver. The file has no connection to an echo() or print() function.
Sometimes it's possible to grab the file using anonymous FTP if the host is badly configured and the file is world-readable in an executable directory - usually 777.
Read a PHP or other security book regarding the web for things to check for in securing any server environment.
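The two host-side conditions named in the reply above (a world-readable file and a 777 directory) can be checked from a shell on the server. This is an added example, not part of the original thread; the function names, the password-variable pattern and the constructed demo tree are assumptions.

```shell
#!/bin/sh
# Added example: audit a site directory for the exposures named in the reply.
# Prints one finding per line: "<KIND> <path>".
audit_webroot() {
    root=$1
    # PHP files readable by "other" that assign a password-like variable.
    # On a shared host, any local account can read such a file directly,
    # without going through the web server (which would execute it instead).
    find "$root" -type f -name '*.php' -perm -o=r \
        -exec grep -lE '\$(pass|passwd|password)[[:space:]]*=' {} + |
        sed 's/^/WORLD_READABLE_SECRET /'
    # Directories writable by "other" (for example mode 777).
    find "$root" -type d -perm -o=w -exec printf 'WORLD_WRITABLE_DIR %s\n' {} +
}

# Constructed sample tree (not real data): one settings file, one page,
# and an uploads directory left at 777.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/site/uploads"
    printf '%s\n' "<?php \$pass='blahblah';" > "$d/site/settings.php"
    printf '%s\n' "<?php echo 'hello';" > "$d/site/index.php"
    chmod 755 "$d/site"
    chmod 777 "$d/site/uploads"
    chmod 644 "$d/site/settings.php" "$d/site/index.php"
    printf '%s\n' "$d/site"
}

# Tighten the two findings. Assumption: the web server reads the file as
# its owner or group, so dropping "other" access does not break the site.
harden_demo_tree() {
    chmod 640 "$1/settings.php"
    chmod 755 "$1/uploads"
}

site=$(make_demo_tree)
echo "before:"; audit_webroot "$site"
harden_demo_tree "$site"
echo "after:";  audit_webroot "$site"
rm -rf "${site%/site}"
```
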