* Thus wrote Gabino Travassos ([EMAIL PROTECTED]):
> Hello All
> 
> I'm just starting to get PHP, and I'm wondering about the security of the
> code I write. It _seems_ that when I try to download the PHP file directly
> (like using Save Target As...) it will download only as an HTML file and my
> PHP code is gone. I've tried this on a few other people's sites, and this
> seems to be the common behavior. Is there a way someone can extract my php
> file without this transformation? What are some good security issues I
> should know?

One measure to take is to keep sensitive information, like database
login info, outside the public web tree.  Just in case the
webserver does get misconfigured and doesn't process the PHP code
but sends the file as plain text, that information isn't
compromised.

/www/include/db_conf.php:
<?php
$db_conf['server'] = 'localhost';
$db_conf['user'] = 'username';
$db_conf['pass'] = 'password';
?>

/www/public_html/index.php:
<?php
// db_conf.php is resolved through include_path, which must list /www/include
require_once('db_conf.php');
$dbh = mysql_connect($db_conf['server'], $db_conf['user'], $db_conf['pass']);
?>


Curt
-- 
"I used to think I was indecisive, but now I'm not so sure."

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
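
The layout described in the reply can also be checked at load time. The following is an added example, not code from the original post: it refuses to load a credentials file whose real location is under the web root. The names is_inside() and load_private_config() and the temporary directory tree are hypothetical and constructed for the demonstration.

```php
<?php
// Added example: load DB credentials only if the file lives outside the web root.
// Function names and the temp tree below are hypothetical, not from the post.

function is_inside(string $path, string $root): bool
{
    // Compare with a trailing separator so /www/public_html_old is not
    // mistaken for a child of /www/public_html.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

function load_private_config(string $file, string $docRoot): array
{
    // realpath() canonicalises ".." and symlinks, so the comparison is made
    // on the file's actual location rather than on the string that was passed.
    $realFile = realpath($file);
    $realRoot = realpath($docRoot);
    if ($realFile === false || $realRoot === false) {
        throw new RuntimeException("config file or document root not found");
    }
    if (is_inside($realFile, $realRoot)) {
        throw new RuntimeException("refusing to load $realFile: it is under the web root");
    }
    $db_conf = [];
    require $realFile;   // the file fills $db_conf, as db_conf.php does in the post
    return $db_conf;
}

// Constructed sample tree standing in for /www/include and /www/public_html.
$base = sys_get_temp_dir() . '/www_' . uniqid();
mkdir("$base/include", 0700, true);
mkdir("$base/public_html", 0755, true);
$conf = "<?php\n\$db_conf['server'] = 'localhost';\n"
      . "\$db_conf['user'] = 'username';\n\$db_conf['pass'] = 'password';\n";
file_put_contents("$base/include/db_conf.php", $conf);
file_put_contents("$base/public_html/db_conf.php", $conf);  // misplaced copy

$cfg = load_private_config("$base/include/db_conf.php", "$base/public_html");
echo "loaded config for user {$cfg['user']}\n";

try {
    // Same misplaced copy, reached through a ".." path to show canonicalisation.
    load_private_config("$base/public_html/../public_html/db_conf.php", "$base/public_html");
} catch (RuntimeException $e) {
    echo "blocked: ", $e->getMessage(), "\n";
}
```

In a real application the second argument would normally be $_SERVER['DOCUMENT_ROOT'].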
