Welcome to WebmasterWorld Guest from 54.227.126.69

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

PHP Security

     
7:59 am on Mar 16, 2005 (gmt 0)

New User

10+ Year Member

joined:Mar 3, 2005
posts:27
votes: 0


I am quite new to PHP but I have managed to write a simple page create script.

So far the script does not have any user input. It does open/write files and it also accesses my MySQL database. No variables are passed from script to script either.

My question is, what security dangers should I be aware of?

My other question is, can you download a php file and view the contents?

Apologies if dumb questions but this has been puzzling me.

1:08 pm on Mar 16, 2005 (gmt 0)

New User

10+ Year Member

joined:Mar 14, 2005
posts:11
votes: 0


If you're letting users write arbitrary pages to the filesystem you're asking for trouble. However I couldn't really work out exactly where your data was coming from. If it's only coming from MySQL and your MySQL data is clean, you should have no problem.

As for your last question, no.

1:21 pm on Mar 16, 2005 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12548
votes: 2


Welcome to WebmasterWorld, taiwanho.
Welcome to WebmasterWorld, Turbonutter.

PHP is parsed by the server and displays only the HTML content that you have printed or echoed to output (along with any other static HTML in your script). Users never get to view your code, unless you have instructed your server not to parse the page.

1:56 pm on Mar 16, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2003
posts:2355
votes: 0

1:30 am on Mar 17, 2005 (gmt 0)

New User

10+ Year Member

joined:Mar 3, 2005
posts:27
votes: 0


Thanks for the replies. I feel secure.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members