Forum Moderators: coopster

PHP Security

taiwanho

7:59 am on Mar 16, 2005 (gmt 0)

10+ Year Member



I am quite new to PHP but I have managed to write a simple page create script.

So far the script does not have any user input. It does open/write files and it also accesses my MySQL database. No variables are passed from script to script either.

My question is, what security dangers should I be aware of?

My other question is, can you download a php file and view the contents?

Apologies if dumb questions but this has been puzzling me.

Turbonutter

1:08 pm on Mar 16, 2005 (gmt 0)

10+ Year Member



If you're letting users write arbitrary pages to the filesystem, you're asking for trouble. However, I couldn't really work out exactly where your data was coming from. If it's only coming from MySQL and your MySQL data is clean, you should have no problem.

As for your last question, no.

coopster

1:21 pm on Mar 16, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, taiwanho.
Welcome to WebmasterWorld, Turbonutter.

PHP is parsed by the server and displays only the HTML content that you have printed or echoed to output (along with any other static HTML in your script). Users never get to view your code, unless you have instructed your server not to parse the page.
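
The parsing behaviour described in the post above can be verified from the client side. The following Python code is an added example, not part of the original thread: it inspects a raw HTTP response for signs that a .php file was handed over unparsed. The function names, the list of content types and the sample responses are assumptions constructed for illustration.

```python
import re

# Opening tags that never reach the client when the server executes the script.
# "<?xml" is deliberately not matched.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# Content types suggesting the file was served as-is instead of executed
# (assumed list; extend it for your own server configuration).
RAW_TYPES = ("application/x-httpd-php", "application/x-php", "text/x-php",
             "application/octet-stream")

def parse_response(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def source_leak_findings(raw):
    """Return the reasons to believe PHP source was served unparsed."""
    status, headers, body = parse_response(raw)
    findings = []
    if status != 200:
        return findings
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in RAW_TYPES:
        findings.append("content-type " + ctype)
    if "attachment" in headers.get("content-disposition", "").lower():
        findings.append("offered as download")
    match = PHP_OPEN_TAG.search(body)
    if match:
        findings.append("opening tag %r at offset %d" % (match.group(0), match.start()))
    return findings

# Constructed sample responses (not captured from any real server).
PARSED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"
          "<?xml version=\"1.0\"?><html><body><h1>Page 12</h1></body></html>")
UNPARSED = ("HTTP/1.1 200 OK\r\nContent-Type: application/x-httpd-php\r\n\r\n"
            "<?php $db = mysql_connect('localhost', 'user', 'EXAMPLE'); ?>")
PLAINTEXT = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
             "<html><?= $title ?></html>")

if __name__ == "__main__":
    for name, raw in (("parsed", PARSED), ("unparsed", UNPARSED), ("plaintext", PLAINTEXT)):
        print(name, source_leak_findings(raw) or "no source leak detected")
```

The unparsed sample shows why this matters for a script that talks to MySQL: the connection credentials sit in the source and are disclosed along with it.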

bcolflesh

1:56 pm on Mar 16, 2005 (gmt 0)

taiwanho

1:30 am on Mar 17, 2005 (gmt 0)

10+ Year Member



Thanks for the replies. I feel secure.