security question

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi Folk

If I have a file in the public html directory (e.g. mypage.php) then can  
anyone read this file (i.e. read its actual content rather then the  
interpreted contents it returns when someone opens

If so, how do they do that?


- Nicolaas

Re: security question


Unless they have a login to your server, then no they can't. They see  
exactly what you see through a browser.

(If they have access to the server however they can see the code).

windandwaves wrote:
Quoted text here. Click to load it

Re: security question

Hash: SHA1

windandwaves wrote:

Quoted text here. Click to load it

Not in most cases. As it has been already said, .php files are interpreted
and run, not read, if the webserver configuration is right.

Quoted text here. Click to load it

A way to circumvent this is to make use of some unsecure script that is able
to read files from the server and output it to the client with no or little
checks, something like:

- --  
- ----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net ; ;
Version: GnuPG v1.4.2 (GNU/Linux)


Re: security question

windandwaves wrote:
Quoted text here. Click to load it
if your webserver is not configured to interpret files with the file  
extension php by passing them to PHP, then it will most likely display  
/mypage.php as plain text when it is requested.


Re: security question

If PHP is misconfigured or otherwise fails to run then the file will
not be processed by the engine resulting in the contents of the file
being exposed in plain text format. If everything is configured
correctly and the PHP files are parsed only the output will be received
through the HTTP server.

Site Timeline