PHP Security Question

This may seem like a stupid question but I've only just started PHP so play nice :D

I've just finished a tutorial that uses an MVC style approach to build a simple login page that redirects the user to a Member's Area. It works brilliantly.

Question: What is to stop someone downloading all your PHP files straight off the webserver, opening them in notepad and viewing code like the following:

PHP:
// database settings
$server = 'localhost';
$user = 'root';
$pass = 'starbucks';
$db = 'pop_login';

// connect to the database
$Database = new mysqli($server, $user, $pass, $db);

// error reporting
mysqli_report(MYSQLI_REPORT_ERROR);

Thus gaining access to sensitive information.

I can see how content in the MySQL database is secure but what about content in the actual PHP files?

Cheers
 
Scott, this type of PHP info can't be accessed just by viewing the source. Try it.

I know it can't, I understand you only see the results of your php code but aren't there programmes that let you basically download the contents of a website without knowing the ftp details? In which case couldn't one just pull out all the php files off the server?

Or would you need to know your hosting details (ftp details etc) in order to download the actual PHP files from the server?

Unless there are some major security flaws then PHP is a server side language and as such the scripts are executed whenever they are accessed by a user. You can't access the true source unless you have access to the file system. In which case you've got bigger fish to fry.
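Added example, not part of the thread or the tutorial: the reply above leaves two ways the source could be exposed (a server flaw that stops PHP from executing, or file-system access), and one common defence is to keep the database settings in a file outside the web root so the scripts under it contain no password. The function name `load_db_settings`, the directory names and the array keys are assumptions made for this sketch, which assumes a Unix-like host.

```php
<?php
// Added example, not from the thread or the tutorial. Assumes a Unix-like
// host; paths, file names and array keys are constructed for illustration.

function load_db_settings(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_file($real)) {
        throw new RuntimeException('config file or web root not found');
    }
    // Files under the web root are what the server would hand out as plain
    // text if it ever stopped executing PHP, so refuse a config kept there.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('config file is inside the web root');
    }
    // Other accounts on the same host should not be able to read it.
    if ((fileperms($real) & 0007) !== 0) {
        throw new RuntimeException('config file is accessible to other users');
    }
    $settings = require $real; // the config file returns an array
    foreach (['server', 'user', 'pass', 'db'] as $key) {
        if (!is_array($settings) || !isset($settings[$key])) {
            throw new RuntimeException("missing setting: $key");
        }
    }
    return $settings;
}

// Constructed demo: a throwaway "web root" with a private directory beside it.
$base = sys_get_temp_dir() . '/cfgdemo_' . bin2hex(random_bytes(4));
$body = "<?php return ['server'=>'localhost','user'=>'app','pass'=>'example','db'=>'pop_login'];";
foreach (['public_html', 'private'] as $dir) {
    mkdir("$base/$dir", 0700, true);
    file_put_contents("$base/$dir/db.php", $body);
    chmod("$base/$dir/db.php", 0600);
}
foreach (['private', 'public_html'] as $dir) {
    try {
        $cfg = load_db_settings("$base/$dir/db.php", "$base/public_html");
        echo "$dir: loaded settings for database {$cfg['db']}\n";
    } catch (RuntimeException $e) {
        echo "$dir: refused ({$e->getMessage()})\n";
    }
}
```

In a real script the second argument would normally be `$_SERVER['DOCUMENT_ROOT']`, and the returned array would be passed to `new mysqli(...)` in place of the hard-coded variables.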

So basically it isn't something I should worry about for the sort of projects I'm working on?

At the moment it wouldn't be the end of the world if someone accessed the 'members page' as it's more of a gimmick for what one client has in mind but in the future I just want to have a greater understanding of the security risks of PHP.

This!

Where is the tutorial you're learning from, if you don't mind me asking?

http://www.youtube.com/watch?v=vC6pzV1_fv8

You have to be a premium member to access the full course on their website. I did pay for it but so far it's money well spent. I've learnt an enormous amount and he goes over things slowly enough for a newbie to follow.
 
Instead of me asking a million questions perhaps someone knows of something I can read (not too advanced though) that highlights the security issues with PHP etc.
 