- Forum displays PHP code, not website
- Thomas 'PointedEars' Lahn
March 24, 2012, 9:24 am
Re: Forum displays PHP code, not website
Although it is often the initial/beginner's approach, it is a Really Bad
Idea. Security is one aspect; deployment and maintenance is another. For
example, you would certainly not use the same database passwords locally as
you would on the server you deploy to, and you would certainly not want to
modify the main code every time a new user account becomes necessary.
The least you should do is keep the main code and authorization information
apart. The most simple way is an include that only PHP can read. The most
secure and versatile way – PK applications aside – is to use an
initialization file outside of the DOCUMENT_ROOT; for PDO there is a user-
provided example in the PHP Manual.
In fact, the majority of the LOCs of a web application should be located
outside of the DOCUMENT_ROOT (which is why ~/cgi-bin is deprecated), but
that is not always possible.
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
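The initialization-file approach described in the post above, as an added example that is not the poster's code and not the PHP Manual user note he mentions. The path `/etc/myapp/db.ini`, the key names `dsn`, `username` and `password`, and the function names `loadDbConfig` and `connectDb` are assumptions; the permission check assumes a POSIX file system.

```php
<?php
// Added example. Constructed sample of /etc/myapp/db.ini (hypothetical path,
// outside DOCUMENT_ROOT, readable only by the account PHP runs as):
//   dsn      = "mysql:host=db.example.internal;dbname=app;charset=utf8mb4"
//   username = "app_rw"
//   password = "placeholder-not-a-real-secret"

function loadDbConfig(string $iniPath, ?string $docRoot): array
{
    $real = realpath($iniPath);
    if ($real === false || !is_readable($real)) {
        throw new RuntimeException('DB config missing or unreadable');
    }
    // Refuse a config file the web server could hand out as a document.
    $root = $docRoot ? realpath($docRoot) : false;
    if ($root !== false && strpos($real, rtrim($root, '/\\') . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('DB config must live outside DOCUMENT_ROOT');
    }
    // Refuse files that "other" users can read or write (POSIX mode bits).
    if ((fileperms($real) & 0006) !== 0) {
        throw new RuntimeException('DB config must not be accessible to other users');
    }
    // INI_SCANNER_RAW: values are not parsed, so no constant or ${VAR} expansion.
    $cfg = parse_ini_file($real, false, INI_SCANNER_RAW);
    foreach (['dsn', 'username', 'password'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key])) {
            throw new RuntimeException("DB config lacks required key: $key");
        }
    }
    return $cfg;
}

function connectDb(array $cfg): PDO
{
    return new PDO($cfg['dsn'], $cfg['username'], $cfg['password'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Command-line demo with a constructed temporary file; it does not connect.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'dbini');
    file_put_contents($tmp, "dsn = \"sqlite::memory:\"\nusername = \"\"\npassword = \"\"\n");
    chmod($tmp, 0600);
    var_dump(array_keys(loadDbConfig($tmp, null)));
    unlink($tmp);
}
```

In a script under DOCUMENT_ROOT the call would be `connectDb(loadDbConfig('/etc/myapp/db.ini', $_SERVER['DOCUMENT_ROOT'] ?? null))`, so the deployed code stays identical across machines and only the file differs.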