Re: [PHP] Re: The secrecy of PHP code
> If your php-code is on a web-server which gives access to other than you > they can read your code. An example could be other people being hosted > on the same server.. Not necessarily. You can enable safe_mode and/or set an open_basedir in order to prevent those people from doing that. You should also ensure that your *nix permissions won't allow them to do that without interacting with the Web server. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: The secrecy of PHP code
On Tue, 14 Aug 2001 12:06:01 +0200 impersonator of [EMAIL PROTECTED] (Soeren Nielsen) planted &I saw in php.general: > >"Ben-Nes Michael" <[EMAIL PROTECTED]> wrote in message >022201c12498$79178ce0$[EMAIL PROTECTED]">news:022201c12498$79178ce0$[EMAIL PROTECTED]... >> The problem still stays if you open php to system commands like `echo >> /etc/passwd` or using system() > >A problem is also that other web-programers can read your source code >through PHP. >An example from my page is this: >My homepage is here: /hotel//WWW > >I can make a php-script that opens /hotels//WWW , >list the files, view them, steal code from others etc etc. > >Hope what I wrote gave some sort of meaning :-) > Well. Skliar's example do confirm once again, that programmers _can_ do illegal things, like breaking copyrihgt, stealing the code etc. But is is responsibilities of the servers administrators to configure the system in such a way - even if it has multiply users (which is the case for most) - so to not allow such (and alike) sample opening occur outside of web-server structure. And only owner/user of the site has a passworded FTP and other access to his data outside of web-server. Of course passwords could be compromised, but this is an another matter. All in all - I strongly believe - that server stuff is carriing full responsibility for the above matter. And only the should have root access. PS: There are servers, to my surprise, (i rent one:() that set write group attribute for files on download by default, and then refuse executing them on this basis, so you have to re-set attribute manually. But this alone still doesn't allow others to read .php as source (these files can only be overwritten) >/Søren > > Just my legal 2c i leonid. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: The secrecy of PHP code
"Ben-Nes Michael" <[EMAIL PROTECTED]> wrote in message 022201c12498$79178ce0$[EMAIL PROTECTED]">news:022201c12498$79178ce0$[EMAIL PROTECTED]... > The problem still stays if you open php to system commands like `echo > /etc/passwd` or using system() A problem is also that other web-programers can read your source code through PHP. An example from my page is this: My homepage is here: /hotel//WWW I can make a php-script that opens /hotels//WWW , list the files, view them, steal code from others etc etc. Hope what I wrote gave some sort of meaning :-) /Søren -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: The secrecy of PHP code
its a problem because the code is not compiled into binary file, and then every one who can browse the directory ( using ftp for example ) can view your code. To prevent this ( as root ) I chroot every user that log to ftp to another directory so they cant go out and browse the /etc /php-directories or what ever. The problem still stays if you open php to system commands like `echo /etc/passwd` or using system() -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-4-6991122 http://sites.canaan.co.il -- - Original Message - From: "Soeren Nielsen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 14, 2001 10:56 AM Subject: [PHP] Re: The secrecy of PHP code > > "James Shaker" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Greetings, > > [snip] calculations and I code them in PHP > > for use on a website are they safe from being > > viewed or taken? > > If your php-code is on a web-server which gives access to other than you > they can read your code. An example could be other people being hosted > on the same server.. > > Regards, > Søren > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: The secrecy of PHP code
"James Shaker" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Greetings, > [snip] calculations and I code them in PHP > for use on a website are they safe from being > viewed or taken? If your php-code is on a web-server which gives access to other than you they can read your code. An example could be other people being hosted on the same server.. Regards, Søren -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]