Re: [PHP-DB] Protecting php scripts from source being downloaded
sorry, as I said Im kinda new, I was downloading the file from my webserver to my computer, and it downloaded the php file as a php file, non parsed by the preprocessor. But when other people download it it does only give the source sorry :) "Neil Thomson" <[EMAIL PROTECTED]> wrote in message 003e01c19933$7300d220$113331d2@home">news:003e01c19933$7300d220$113331d2@home... > u can download a php page from a download manager ? i just tryed with > flashget... & it phrased the php page into html first.. ? ? > > if you want to protect your say.. variables file from some1 trying in the > address of it. heres a simple way. in the variables file include > @header(status: error 404); (or how ever that code goes). then in the page u > want to include this. start the html tag first then include this > page. the @ will make it not report errors. so u can inclue the page > perfectally.. & when people try to look @ it, it will say it doesnt exist. > > Neil > > - Original Message - > From: Tom <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, January 09, 2002 8:00 AM > Subject: [PHP-DB] Protecting php scripts from source being downloaded > > > > Hi, im kinda new to this so be kind :) > > > > Im using mysql and php to create test databases (guestbook etc, basic > > stuff), but it doesnt seem so secure, people can just use a download > manager > > to download the php files and steal the mysql passwords. Is there anyway > to > > make it so they can see the php files through the brower but not download > my > > homecrafted php? > > > > Ive looked through many websites and the history of this, all I could find > > was one post which was to encript the files (this isnt really suitable for > > me as I edit bits and bobs as I go along). Is there anyway I can setup > > access as said in the above? Or just hid the password somehow? Im using > IIS > > 5.1. > > > > thanks > > tom > > > > > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Protecting php scripts from source being downloaded
Or you could do something like: if(!empty($PHP_SELF)) { if(stristr($PHP_SELF," config.php")) { header("Status: 404 Not Found"); } } that's assuming you use the register_globals. If not, then you could simply grab $PHP_SELF from the environment variables. Ryan -Original Message- From: Neil Thomson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 12:31 PM To: Tom; [EMAIL PROTECTED] Subject: Re: [PHP-DB] Protecting php scripts from source being downloaded u can download a php page from a download manager ? i just tryed with flashget... & it phrased the php page into html first.. ? ? if you want to protect your say.. variables file from some1 trying in the address of it. heres a simple way. in the variables file include @header(status: error 404); (or how ever that code goes). then in the page u want to include this. start the html tag first then include this page. the @ will make it not report errors. so u can inclue the page perfectally.. & when people try to look @ it, it will say it doesnt exist. Neil - Original Message - From: Tom <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 09, 2002 8:00 AM Subject: [PHP-DB] Protecting php scripts from source being downloaded > Hi, im kinda new to this so be kind :) > > Im using mysql and php to create test databases (guestbook etc, basic > stuff), but it doesnt seem so secure, people can just use a download manager > to download the php files and steal the mysql passwords. Is there anyway to > make it so they can see the php files through the brower but not download my > homecrafted php? > > Ive looked through many websites and the history of this, all I could find > was one post which was to encript the files (this isnt really suitable for > me as I edit bits and bobs as I go along). Is there anyway I can setup > access as said in the above? Or just hid the password somehow? Im using IIS > 5.1. > > thanks > tom > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Protecting php scripts from source being downloaded
u can download a php page from a download manager ? i just tryed with flashget... & it phrased the php page into html first.. ? ? if you want to protect your say.. variables file from some1 trying in the address of it. heres a simple way. in the variables file include @header(status: error 404); (or how ever that code goes). then in the page u want to include this. start the html tag first then include this page. the @ will make it not report errors. so u can inclue the page perfectally.. & when people try to look @ it, it will say it doesnt exist. Neil - Original Message - From: Tom <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 09, 2002 8:00 AM Subject: [PHP-DB] Protecting php scripts from source being downloaded > Hi, im kinda new to this so be kind :) > > Im using mysql and php to create test databases (guestbook etc, basic > stuff), but it doesnt seem so secure, people can just use a download manager > to download the php files and steal the mysql passwords. Is there anyway to > make it so they can see the php files through the brower but not download my > homecrafted php? > > Ive looked through many websites and the history of this, all I could find > was one post which was to encript the files (this isnt really suitable for > me as I edit bits and bobs as I go along). Is there anyway I can setup > access as said in the above? Or just hid the password somehow? Im using IIS > 5.1. > > thanks > tom > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]