Welcome to WebmasterWorld Guest from 22.214.171.124
I am sure if I want to use this program safely I am going to have to figure out a way to protect the info on the config.php from at least amateur hackers. Is there a way to do this so I can still have my gallery?
Thank you, all help is always appreciated.
and no matter what else, unless you are not doing an echo for those variables it wont show if someone loaded the file in browser, all they will see is a plain blank page.
This script will do that:
$vars = get_defined_vars();
A simple way to provide some protection against this is to define a variable in your pages and check whether this is set in the config file.
define('TRXASDFA','aljsjkas'); // These are just two random strings... Make them unguessable.
if(!defined('TRXASDFA') ¦¦ TRXASDFA != 'aljsjkas')
To answer your intital question cooldogs, it does create somewhat of a security issue, but using config files is a very common thing and most scripts use them.
$vars = get_defined_vars();
MattAU, i am sorry but i totally disagree. For all what i have learnt i think it is Impossible to do that, you can not get my server's any config like that. if you include any file using "http" then there is no concept of any PHP code being sent to you if my server is running fine. try that for your own page, include your own config.php via http:// and lets see if you can get those variables. It has to be a code file include like
that will do what you 've mentioned.
I am willing to bet 100$ on that ;)
and i can StickyMail you my config file's url for a test
[edited by: Anyango at 5:19 am (utc) on Oct. 12, 2008]
But now I'm a little confused about something ... is the below true?
[quote]A page on my site that can get your password details.[/[quote]
Also, I was wondering what you thought of the idea of using an .htaccess file in the same sub-directory where the config.php file was, does that render it inoperable in any way? Below is the code I found that is supposed to go in the .htaccess file ... the whole thing is for a photo gallery, so the php script sent to me to do so including for back end management would still have to be able to function.
<Files ~ "^\config.php">
Deny from all
Why not simply pop the config file outside the web root?
I love an easy solutions that works :)
I will definitely look into that, only thing is I'm a little technically challenged and the config.php is part of a php script setup that I bought to be able to have a photo gallery, I'll have to delve into it and see if I can make that adjustment on my own with my limited abilities.
I can do an .htaccess file and I do currently have one of those, if the above .htaccess solution is good enough, I know I can do that. What <i>did<i> you'all think of the .htaccess idea.