I use something that accomplishes the same (displays the source of a file),
but doesn't accept the file name as a parameter. The script is also in a
directory with a password and is restricted by ip. Not perfect, but alot
better.
----- Original Message -----
From: "Hankley, Chip" <[EMAIL PROTECTED]>
To: "PHP Mailingliste" <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 8:45 AM
Subject: RE: [PHP] Security of PHP code
> OK,
>
> I'm pretty new to PHP, and have been reading this thread, and am just a
> little freaked.
>
> If I understand this right, the only way reason we can view the source
code
> of those pages is that the web server on which the page resides
essentially
> has a PHP page somewhere on their site that has some variation of:
>
> <?show_source($file);?>
>
> as it's content, right?
>
> While I can see the utility of that for some situations
> (teaching...examples, etc.), it seems like a huge potential for security
> breaches.
>
> Is it possible to have such a function on your site w/o giving access to
ALL
> of your documents...
>
> Chip
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
