On Tuesday, June 25, 2002, at 08:26 PM, Analysis Solutions wrote:
I usually run PHP as CGI. My secure files are kept in a directory
that's
not under the */docroot. Thus, they can't be gotten to through the web
server at all. Plus, the secure files are chmoded 600 (which means they
On Tuesday, June 25, 2002, at 08:26 PM, Analysis Solutions wrote:
I usually run PHP as CGI. My secure files are kept in a directory
that's
not under the */docroot. Thus, they can't be gotten to through the
web
server at all. Plus, the secure files are chmoded 600 (which means
they
No. The only way they can get your source is by ftping or having shell
access to your server. And even then, they'd have to have read perms on
your web folder/files. If you were to have a lot of unknown people
jacking around on your server, you have a lot of other stuff to worry
about that
On Tuesday, June 25, 2002, at 03:46 PM, Peter wrote:
When you have the standard
$link = mysql_connect(localhost,username,secretpassword);
Would it not be possible for someone to use PHP from another server to
download your source and find out your MySQL details including password?
Yes.
On Tuesday, June 25, 2002, at 03:46 PM, Peter wrote:
When you have the standard
$link = mysql_connect(localhost,username,secretpassword);
Would it not be possible for someone to use PHP from another server to
download your source and find out your MySQL details including password?
Read 'Secure Programming in PHP':
http://www.zend.com/zend/art/art-oertli.php
cheers,
thalis
On Fri, 24 May 2002, Hawk wrote:
I was checking around on a page I made, and I just noticed the lack of
security, it is rather easy to gain admin status if you enter the right
?blabal=blablabla
6 matches
Mail list logo