RE: [PHP-DB] Protecting php scripts from source being downloaded

Wed, 09 Jan 2002 09:43:34 -0800 

Or you could do something like:

if(!empty($PHP_SELF))
        {
                if(stristr($PHP_SELF," config.php"))
                        { 
                                header("Status: 404 Not Found");
                        }
        }

that's assuming you use the register_globals.  If not, then you could simply
grab $PHP_SELF from the environment variables.

Ryan


-----Original Message-----
From: Neil Thomson [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 09, 2002 12:31 PM
To: Tom; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Protecting php scripts from source being downloaded

u can download a php page from a download manager ? i just tryed with
flashget... & it phrased the php page into html first.. ? ?

if you want to protect your say.. variables file from some1 trying in the
address of it. heres a simple way. in the variables file include
@header(status: error 404); (or how ever that code goes). then in the page u
want to include this. start the html tag first <html> then include this
page. the @ will make it not report errors. so u can inclue the page
perfectally.. & when people try to look @ it, it will say it doesnt exist.

Neil

----- Original Message -----
From: Tom <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 09, 2002 8:00 AM
Subject: [PHP-DB] Protecting php scripts from source being downloaded


> Hi, im kinda new to this so be kind :)
>
> Im using mysql and php to create test databases (guestbook etc, basic
> stuff), but it doesnt seem so secure, people can just use a download
manager
> to download the php files and steal the mysql passwords. Is there anyway
to
> make it so they can see the php files through the brower but not download
my
> homecrafted php?
>
> Ive looked through many websites and the history of this, all I could find
> was one post which was to encript the files (this isnt really suitable for
> me as I edit bits and bobs as I go along). Is there anyway I can setup
> access as said in the above? Or just hid the password somehow? Im using
IIS
> 5.1.
>
> thanks
> tom
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to