subject:"Re\: \[PHP\-DB\] Protecting php scripts from source being downloaded"

Re: [PHP-DB] Protecting php scripts from source being downloaded

2002-01-09 Thread Tom


sorry, as I said Im kinda new, I was downloading the file from my webserver
to my computer, and it downloaded the php file as a php file, non parsed by
the preprocessor. But when other people download it it does only give the
source

sorry :)

"Neil Thomson" <[EMAIL PROTECTED]> wrote in message
003e01c19933$7300d220$113331d2@home">news:003e01c19933$7300d220$113331d2@home...
> u can download a php page from a download manager ? i just tryed with
> flashget... & it phrased the php page into html first.. ? ?
>
> if you want to protect your say.. variables file from some1 trying in the
> address of it. heres a simple way. in the variables file include
> @header(status: error 404); (or how ever that code goes). then in the page
u
> want to include this. start the html tag first  then include this
> page. the @ will make it not report errors. so u can inclue the page
> perfectally.. & when people try to look @ it, it will say it doesnt exist.
>
> Neil
>
> - Original Message -
> From: Tom <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, January 09, 2002 8:00 AM
> Subject: [PHP-DB] Protecting php scripts from source being downloaded
>
>
> > Hi, im kinda new to this so be kind :)
> >
> > Im using mysql and php to create test databases (guestbook etc, basic
> > stuff), but it doesnt seem so secure, people can just use a download
> manager
> > to download the php files and steal the mysql passwords. Is there anyway
> to
> > make it so they can see the php files through the brower but not
download
> my
> > homecrafted php?
> >
> > Ive looked through many websites and the history of this, all I could
find
> > was one post which was to encript the files (this isnt really suitable
for
> > me as I edit bits and bobs as I go along). Is there anyway I can setup
> > access as said in the above? Or just hid the password somehow? Im using
> IIS
> > 5.1.
> >
> > thanks
> > tom
> >
> >
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP-DB] Protecting php scripts from source being downloaded

2002-01-09 Thread Ryan Marrs


Or you could do something like:

if(!empty($PHP_SELF))
{
if(stristr($PHP_SELF," config.php"))
{ 
header("Status: 404 Not Found");
}
}

that's assuming you use the register_globals.  If not, then you could simply
grab $PHP_SELF from the environment variables.

Ryan


-Original Message-
From: Neil Thomson [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 09, 2002 12:31 PM
To: Tom; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Protecting php scripts from source being downloaded

u can download a php page from a download manager ? i just tryed with
flashget... & it phrased the php page into html first.. ? ?

if you want to protect your say.. variables file from some1 trying in the
address of it. heres a simple way. in the variables file include
@header(status: error 404); (or how ever that code goes). then in the page u
want to include this. start the html tag first  then include this
page. the @ will make it not report errors. so u can inclue the page
perfectally.. & when people try to look @ it, it will say it doesnt exist.

Neil

- Original Message -
From: Tom <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 09, 2002 8:00 AM
Subject: [PHP-DB] Protecting php scripts from source being downloaded


> Hi, im kinda new to this so be kind :)
>
> Im using mysql and php to create test databases (guestbook etc, basic
> stuff), but it doesnt seem so secure, people can just use a download
manager
> to download the php files and steal the mysql passwords. Is there anyway
to
> make it so they can see the php files through the brower but not download
my
> homecrafted php?
>
> Ive looked through many websites and the history of this, all I could find
> was one post which was to encript the files (this isnt really suitable for
> me as I edit bits and bobs as I go along). Is there anyway I can setup
> access as said in the above? Or just hid the password somehow? Im using
IIS
> 5.1.
>
> thanks
> tom
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DB] Protecting php scripts from source being downloaded

2002-01-09 Thread Neil Thomson


u can download a php page from a download manager ? i just tryed with
flashget... & it phrased the php page into html first.. ? ?

if you want to protect your say.. variables file from some1 trying in the
address of it. heres a simple way. in the variables file include
@header(status: error 404); (or how ever that code goes). then in the page u
want to include this. start the html tag first  then include this
page. the @ will make it not report errors. so u can inclue the page
perfectally.. & when people try to look @ it, it will say it doesnt exist.

Neil

- Original Message -
From: Tom <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 09, 2002 8:00 AM
Subject: [PHP-DB] Protecting php scripts from source being downloaded


> Hi, im kinda new to this so be kind :)
>
> Im using mysql and php to create test databases (guestbook etc, basic
> stuff), but it doesnt seem so secure, people can just use a download
manager
> to download the php files and steal the mysql passwords. Is there anyway
to
> make it so they can see the php files through the brower but not download
my
> homecrafted php?
>
> Ive looked through many websites and the history of this, all I could find
> was one post which was to encript the files (this isnt really suitable for
> me as I edit bits and bobs as I go along). Is there anyway I can setup
> access as said in the above? Or just hid the password somehow? Im using
IIS
> 5.1.
>
> thanks
> tom
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DB] Protecting php scripts from source being downloaded

RE: [PHP-DB] Protecting php scripts from source being downloaded

Re: [PHP-DB] Protecting php scripts from source being downloaded

3 matches

Site Navigation

Mail list logo

Footer information