[PHP-DB] Protecting php scripts from source being downloaded
Hi, im kinda new to this so be kind :) Im using mysql and php to create test databases (guestbook etc, basic stuff), but it doesnt seem so secure, people can just use a download manager to download the php files and steal the mysql passwords. Is there anyway to make it so they can see the php files through the brower but not download my homecrafted php? Ive looked through many websites and the history of this, all I could find was one post which was to encript the files (this isnt really suitable for me as I edit bits and bobs as I go along). Is there anyway I can setup access as said in the above? Or just hid the password somehow? Im using IIS 5.1. thanks tom -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Protecting php scripts from source being downloaded
u can download a php page from a download manager ? i just tryed with flashget... it phrased the php page into html first.. ? ? if you want to protect your say.. variables file from some1 trying in the address of it. heres a simple way. in the variables file include @header(status: error 404); (or how ever that code goes). then in the page u want to include this. start the html tag first html then include this page. the @ will make it not report errors. so u can inclue the page perfectally.. when people try to look @ it, it will say it doesnt exist. Neil - Original Message - From: Tom [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 09, 2002 8:00 AM Subject: [PHP-DB] Protecting php scripts from source being downloaded Hi, im kinda new to this so be kind :) Im using mysql and php to create test databases (guestbook etc, basic stuff), but it doesnt seem so secure, people can just use a download manager to download the php files and steal the mysql passwords. Is there anyway to make it so they can see the php files through the brower but not download my homecrafted php? Ive looked through many websites and the history of this, all I could find was one post which was to encript the files (this isnt really suitable for me as I edit bits and bobs as I go along). Is there anyway I can setup access as said in the above? Or just hid the password somehow? Im using IIS 5.1. thanks tom -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Protecting php scripts from source being downloaded
Or you could do something like:
if(!empty($PHP_SELF))
{
if(stristr($PHP_SELF, config.php))
{
header(Status: 404 Not Found);
}
}
that's assuming you use the register_globals. If not, then you could simply
grab $PHP_SELF from the environment variables.
Ryan
-Original Message-
From: Neil Thomson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 09, 2002 12:31 PM
To: Tom; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Protecting php scripts from source being downloaded
u can download a php page from a download manager ? i just tryed with
flashget... it phrased the php page into html first.. ? ?
if you want to protect your say.. variables file from some1 trying in the
address of it. heres a simple way. in the variables file include
@header(status: error 404); (or how ever that code goes). then in the page u
want to include this. start the html tag first html then include this
page. the @ will make it not report errors. so u can inclue the page
perfectally.. when people try to look @ it, it will say it doesnt exist.
Neil
- Original Message -
From: Tom [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 09, 2002 8:00 AM
Subject: [PHP-DB] Protecting php scripts from source being downloaded
Hi, im kinda new to this so be kind :)
Im using mysql and php to create test databases (guestbook etc, basic
stuff), but it doesnt seem so secure, people can just use a download
manager
to download the php files and steal the mysql passwords. Is there anyway
to
make it so they can see the php files through the brower but not download
my
homecrafted php?
Ive looked through many websites and the history of this, all I could find
was one post which was to encript the files (this isnt really suitable for
me as I edit bits and bobs as I go along). Is there anyway I can setup
access as said in the above? Or just hid the password somehow? Im using
IIS
5.1.
thanks
tom
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Protecting php scripts from source being downloaded
sorry, as I said Im kinda new, I was downloading the file from my webserver to my computer, and it downloaded the php file as a php file, non parsed by the preprocessor. But when other people download it it does only give the source sorry :) Neil Thomson [EMAIL PROTECTED] wrote in message 003e01c19933$7300d220$113331d2@home">news:003e01c19933$7300d220$113331d2@home... u can download a php page from a download manager ? i just tryed with flashget... it phrased the php page into html first.. ? ? if you want to protect your say.. variables file from some1 trying in the address of it. heres a simple way. in the variables file include @header(status: error 404); (or how ever that code goes). then in the page u want to include this. start the html tag first html then include this page. the @ will make it not report errors. so u can inclue the page perfectally.. when people try to look @ it, it will say it doesnt exist. Neil - Original Message - From: Tom [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 09, 2002 8:00 AM Subject: [PHP-DB] Protecting php scripts from source being downloaded Hi, im kinda new to this so be kind :) Im using mysql and php to create test databases (guestbook etc, basic stuff), but it doesnt seem so secure, people can just use a download manager to download the php files and steal the mysql passwords. Is there anyway to make it so they can see the php files through the brower but not download my homecrafted php? Ive looked through many websites and the history of this, all I could find was one post which was to encript the files (this isnt really suitable for me as I edit bits and bobs as I go along). Is there anyway I can setup access as said in the above? Or just hid the password somehow? Im using IIS 5.1. thanks tom -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
