Forum displays PHP code, not website - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Forum displays PHP code, not website

P E Schoen wrote:

Quoted text here. Click to load it

Although it is often the initial/beginner's approach, it is a Really Bad
Idea.  Security is one aspect; deployment and maintenance is another.  For
example, you would certainly not use the same database passwords locally as
you would on the server you deploy to, and you would certainly not want to
modify the main code every time a new user account becomes necessary.

The least you should do is keep the main code and authorization information
apart.  The most simple way is an include that only PHP can read.  The most
secure and versatile way – PK applications aside – is to use an
initialization file outside of the DOCUMENT_ROOT; for PDO there is a user-
provided example in the PHP Manual.

In fact, the majority of the LOCs of a web application should be located
outside of the DOCUMENT_ROOT (which is why ~/cgi-bin is deprecated), but
that is not always possible.

Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee

Site Timeline