/    Sign up×
Community /Pin to ProfileBookmark

PHP source secure?

Copy linkTweet thisAlerts:
Apr 28.2007

I’m not new to PHP, but I haven’t spent the time needed to be considered good at it. I know enough to do what I want mostly, but now I’m working with MySQL and a concern popped into my head like a bomb going off…

Is my php code on my site secure from viewing? A tutorial I’m working through now talks about connecting to my database, and in the code is

[CODE]$connid = mysql_connect (‘servername’ , ‘username’ , ‘password’);[/CODE]

What keeps someone from reading my source, getting that login information, and compromising my database?
The database contains useless info for anything else but my specific task at hand, not like login info or anything.
And I’m real careful with my ftp info and database info. I’m just talking about someone getting that info out of a folder on my site, like view source for html.

Thanks!
Hop

to post a comment
PHP

4 Comments(s)

Copy linkTweet thisAlerts:
@NogDogApr 28.2007 — The only way anyone should be able to see your PHP source code is if they have FTP access or login access to your site, or if you do not have a default web page in a given directory and your webserver settings allow for automatic FTP directory listing in that case. If on Apache web server, you can turn off that behavior in a .htaccess file in you web root directory with this line:
<i>
</i>Options -Indexes
Copy linkTweet thisAlerts:
@HopworksauthorApr 28.2007 — The only way anyone should be able to see your PHP source code is if they have FTP access or login access to your site, or if you do not have a default web page in a given directory and your webserver settings allow for automatic FTP directory listing in that case. If on Apache web server, you can turn off that behavior in a .htaccess file in you web root directory with this line:
<i>
</i>Options -Indexes
[/QUOTE]
Thank you! I wondered how I could do that, and I'm doing that right now, and thank you for the reassurance about my code. =)

Hop
Copy linkTweet thisAlerts:
@matt_fawcettApr 28.2007 — I usually put secure details such as passwords below the root of the apache directory. that way if anything happens with php your source isnt viewable
Copy linkTweet thisAlerts:
@bokehApr 30.2007 — The only way anyone should be able to see your PHP source code is if they have FTP access or login access to your site[/QUOTE]That's not true. Any file with 0644 permission can be read by the webserver allowing anyone that shares the server to read it.
×

Success!

Help @Hopworks spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.5,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...