Re: [PHP] PHP Security - "view source code"

2002-01-21 Thread Sukumar S.
002 02:10:01 +0200 (EET)
> From: Radu Filip <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Subject: Re: [PHP] PHP Security - "view source code"
>
> On Thu, 17 Jan

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread [EMAIL PROTECTED]
Best solution still seems to be to keep those includes out of your document root.

bvr.

On Thu, 17 Jan 2002 08:41:37 -0800 (PST), Rasmus Lerdorf wrote:
>> On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote:
>>
>> > No, it is safer to block access to .inc files with an httpd.conf

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread mike cullerton
on 1/17/02 9:21 AM, Erik Price at [EMAIL PROTECTED] wrote:
> On my Linux box, which is shared with several users (I am admin), I
> would like to do something like this -- if I created the group "php",
> and added myself to that group, I could use files associated with the
> group "php". My web s

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread Rasmus Lerdorf
> On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote:
>
> > No, it is safer to block access to .inc files with an httpd.conf rule.
> > Allowing people to execute files that were meant to be included out of
> > context could end up being much more dangerous than simply having people

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread Erik Price
On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote:
> No, it is safer to block access to .inc files with an httpd.conf rule.
> Allowing people to execute files that were meant to be included out of
> context could end up being much more dangerous than simply having people
> see t

Re: [PHP] PHP Security - "view source code"

2002-01-17 Thread Erik Price
On Wednesday, January 16, 2002, at 07:22 PM, Christopher William Wesley wrote:
> If you are the server's admin, or know the person well, you can tighten
> the file permissions down more with a little administrative work ...
> adding a new group of which your user and the web server are a membe

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread mike cullerton
on 1/16/02 6:04 PM, Rasmus Lerdorf at [EMAIL PROTECTED] wrote:
>> On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote:
>>
>> (1) avoid using .inc files; use .php files like for normal script
>
> No, it is safer to block access to .inc files with an httpd.conf rule.
> Allowing people to execute files th

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Rasmus Lerdorf
> On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote:
>
> > I've seen a number of sites for example that didn't have the .inc extension registered,
> > include() doesn't care about that, but if your includes are under the document root of your
> > website (that happens a lot too, I don't know why ?

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Christopher William Wesley
On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote:
> I've seen a number of sites for example that didn't have the .inc extension registered,
> include() doesn't care about that, but if your includes are under the document root of your
> website (that happens a lot too, I don't know why ?) and you

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Radu Filip
On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote:
> I've seen a number of sites for example that didn't have the .inc extension registered,
> include() doesn't care about that, but if your includes are under the document root of your
> website (that happens a lot too, I don't know why ?) and you

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread [EMAIL PROTECTED]
Apart from unfortunately placed ?> 's or " 's this is possible. A very common mistake is not to register all of your php file extensions with apache. I've seen a number of sites for example that didn't have the .inc extension registered, include() doesn't care about that, but if your includes a

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Erik Price
The entire page, PHP with HTML, is sent to the PHP engine. It follows the instructions of the PHP code, outputting only HTML and error messages, and then hands the data to the web server which sends it to your browser. Unless something damages the PHP engine, causing the webserver to serve t

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Richard Baskett
PHP is a server side language so the PHP engine parses all the php code in your webpage and then spits out html code. So when surfing through a website that uses PHP you will never see PHP code unless of course you screwed up and echoed the data :)

Rick

"How wonderful it is that nobody need wai

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Jason Bell
The PHP code is parsed and interpreted at the server level, and then returns only the output to the browser. It is not possible to view PHP code via "view source".

- Original Message -
From: "Phil Schwarzmann" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 16, 2002 1

Re: [PHP] PHP Security - "view source code"

2002-01-16 Thread Richard Crawford
Well, if you do "View Source" on any browser, it will only show the source code of the HTML that the page has rendered, not the PHP/Perl/ASP/Cold Fusion/whatever that was used to generate the HTML code. So using "View Source" will never show you the programming behind the HTML. That said, I