Re: [PHP] PHP Security - "view source code"

2002-01-21 Thread Sukumar S.
002 02:10:01 +0200 (EET) > From: Radu Filip <[EMAIL PROTECTED]> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > Subject: Re: [PHP] PHP Security - "view source code" > > On Thu, 17 Jan

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread [EMAIL PROTECTED]
Best solution still seems to be to keep those includes out of your document root. bvr. On Thu, 17 Jan 2002 08:41:37 -0800 (PST), Rasmus Lerdorf wrote: >> On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote: >> >> > No, it is safer to block access to .inc files with an httpd.conf

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread mike cullerton
on 1/17/02 9:21 AM, Erik Price at [EMAIL PROTECTED] wrote: > On my Linux box, which is shared with several users (I am admin), I > would like to do something like this -- if I created the group "php", > and added myself to that group, I could use files associated with the > group "php". My web s

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread Rasmus Lerdorf
> On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote: > > > No, it is safer to block access to .inc files with an httpd.conf rule. > > Allowing people to execute files that were meant to be included out of > > context could end up being much more dangerous than simply having people

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread Erik Price
On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote: > No, it is safer to block access to .inc files with an httpd.conf rule. > Allowing people to execute files that were meant to be included out of > context could end up being much more dangerous than simply having people > see t

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread Erik Price
On Wednesday, January 16, 2002, at 07:22 PM, Christopher William Wesley wrote: > If you are the server's admin, or know the person well, you can tighten > the file permissions down more with a little administrative work ... > adding a new group of which your user and the web server are a membe

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread mike cullerton
on 1/16/02 6:04 PM, Rasmus Lerdorf at [EMAIL PROTECTED] wrote: >> On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: >> >> (1) avoid using .inc files; use .php files like for normal script > > No, it is safer to block access to .inc files with an httpd.conf rule. > Allowing people to execute files th

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Rasmus Lerdorf
> On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: > > > I've seen a number of sites for example that didn't have the .inc extension >registered, > > include() doesn't care about that, but if your includes are under the document >root of your > > website (that happens a lot too, i don't know why ?

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Christopher William Wesley
On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: > I've seen a number of sites for example that didn't have the .inc extension >registered, > include() doesn't care about that, but if your includes are under the document root >of your > website (that happens a lot too, i don't know why ?) and you

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Radu Filip
On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: > I've seen a number of sites for example that didn't have the .inc extension >registered, > include() doesn't care about that, but if your includes are under the document root >of your > website (that happens a lot too, i don't know why ?) and you

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread [EMAIL PROTECTED]
nn" <[EMAIL PROTECTED]> >> Date: Wed, 16 Jan 2002 16:03:45 -0500 >> To: <[EMAIL PROTECTED]> >> Subject: [PHP] PHP Security - "view source code" >> >> How easy/hard is it to view the PHP source code when you're at website? >> >> I noti

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Erik Price
The entire page, PHP with HTML, is sent to the PHP engine. It follows the instructions of the PHP code, outputting only HTML and error messages, and then hands the data to the web server which sends it to your browser. Unless something damages the PHP engine, causing the webserver to serve t

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Richard Baskett
need wait a single moment to improve the world." - Anne Frank > From: "Phil Schwarzmann" <[EMAIL PROTECTED]> > Date: Wed, 16 Jan 2002 16:03:45 -0500 > To: <[EMAIL PROTECTED]> > Subject: [PHP] PHP Security - "view source code" > > How easy/h

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Jason Bell
ent: Wednesday, January 16, 2002 1:03 PM Subject: [PHP] PHP Security - "view source code" > How easy/hard is it to view the PHP source code when you're at website? > > I noticed when I was using Internet Explorer, if I pressed "view > source"...it would show

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Richard Crawford
Well, if you do "View Source" on any browser, it will only show the source code of the HTML that the page has rendered, not the PHP/Perl/ASP/Cold Fusion/whatever that was used to generate the HTML code. So using "View Source" will never show you the programming behind the HTML. That said, I

[PHP] PHP Security - "view source code"

2002-01-16 Thread Phil Schwarzmann
How easy/hard is it to view the PHP source code when you're at website? I noticed when I was using Internet Explorer, if I pressed "view source"...it would show the HTML but not the PHP. -Phil