DesignersTalk - View Single Post

DaiWelsh · 19-03-2004, 10:38

yep, php source is as safe as anything in plain text connected to a worldwide network can be

Seriously though, it is not like javascript, there is no easy way for a hacker to see it, only if they can break into your web host in which case all bets are off anyway.

Couple more things to watch out for:

When using includes remember to always use .php as extension or it may render when called directly (e.g. if you called an include file password.inc or less likely password.txt) depending on how that extension is handled by your server.

Ideally you should trap and log (or at the very least suppress) errors, otherwise when something goes wrong with your code/site the error message itself may give away useful info on your code. Also if you trap and log errors you may well spot attempted hacks before they succeed (or after they succeed but before they do too much damage).

HTH

19-03-2004, 10:38	#8 (permalink)
DaiWelsh Registered User Join Date: Mar 2004 Location: Derby, UK Posts: 24	yep, php source is as safe as anything in plain text connected to a worldwide network can be Seriously though, it is not like javascript, there is no easy way for a hacker to see it, only if they can break into your web host in which case all bets are off anyway. Couple more things to watch out for: When using includes remember to always use .php as extension or it may render when called directly (e.g. if you called an include file password.inc or less likely password.txt) depending on how that extension is handled by your server. Ideally you should trap and log (or at the very least suppress) errors, otherwise when something goes wrong with your code/site the error message itself may give away useful info on your code. Also if you trap and log errors you may well spot attempted hacks before they succeed (or after they succeed but before they do too much damage). HTH