
Forum Moderators: coopster & jatar k


Please Tell Me If This Is Secure.

     
2:17 pm on Nov 8, 2008 (gmt 0)

New User

10+ Year Member

joined:Jan 10, 2005
posts: 30
votes: 0


Hi, I'll describe this in basic terms; if you need more details to understand the question, please ask:

* simple_admin.php = A simple utility to help develop multiple sites and / or projects.
* db_data.php sits outside of the public_html path and cannot be viewed or directly accessed by any browser-based hacker.

1) simple_admin.php is an experiment to help easily make changes in several databases at once, using basic to medium-level PHP.
2) db_data.php is included in simple_admin.php
3) Also note:
[php]<?php
rename("simple_admin.php", "simple_admin.txt");
?>[/php]

Every time the admin uses simple_admin.php it is automatically renamed to .txt, so hackers have no chance of running the file themselves.

Quick Summary:
> The Database login info is outside of the public_html path
> The "main file" is automatically renamed to .txt every time.

Please tell me, is there anything about this set-up which is not 'reasonably' secure?

Thank you.

Edit: Oops... Of course, simple_admin.php can also be in a password-protected area.
Now, can I think "it" is safe and secure?

7:02 pm on Nov 8, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 24, 2005
posts:697
votes: 0



"Every time the admin uses simple_admin.php it is automatically renamed to .txt, so hackers have no chance of running the file themselves."

OK, they can't run it. But you are enabling all the code in there to be seen by them; they can see everything that is in there, and can see your MySQL password if that was in there.

I would never let a code file be viewed as text.

7:08 pm on Nov 8, 2008 (gmt 0)

New User

10+ Year Member

joined:Jan 10, 2005
posts:30
votes: 0


The db info is:

"The Database login info is outside of the public_html path"

Can they view an include file outside of the public_html path?

Thanks

6:18 am on Nov 9, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 24, 2005
posts:697
votes: 0


Yes, you are right, they can't, but I would not even want to let someone see one single line of code, even when it contained no password.

Is your simple_admin.php password protected? I would protect it, or protect the whole directory via Apache, and not worry about renaming.

6:37 am on Nov 9, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 6, 2008
posts:2011
votes: 0


Renaming the .php to a .txt makes it less secure. But the users of your site should never see what .php file is being called to use passwords anyway... not to mention they can't see PHP code. It's secure as it is.
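
An added example, not part of the original thread: a Python audit that walks a document root and flags files containing PHP source under an extension the server would return as plain text, which is the exposure the replies above describe for simple_admin.txt. The extension list, function names and sample site layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions a typical Apache/PHP setup serves as plain text
# instead of passing to the PHP interpreter. Adjust to match your server.
SERVED_AS_TEXT = {".txt", ".bak", ".old", ".inc", ".orig"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")


def find_exposed_php_source(docroot):
    """Return sorted relative paths under docroot that contain PHP code
    but carry an extension the server would send to the browser verbatim."""
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext not in SERVED_AS_TEXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # an open tag this early is enough
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if any(tag in head for tag in PHP_OPEN_TAGS):
                exposed.append(os.path.relpath(path, docroot))
    return sorted(exposed)


def build_sample_site(base):
    """Constructed layout mirroring the thread: the credentials file sits
    outside public_html, the admin script has been renamed to .txt."""
    docroot = os.path.join(base, "public_html")
    os.makedirs(docroot)
    files = {
        os.path.join(base, "db_data.php"): "<?php $db_pass = 'example'; ?>",
        os.path.join(docroot, "simple_admin.txt"): "<?php include '../db_data.php'; ?>",
        os.path.join(docroot, "index.php"): "<?php echo 'hello'; ?>",
        os.path.join(docroot, "readme.txt"): "Plain notes, no code.",
    }
    for path, body in files.items():
        with open(path, "w") as fh:
            fh.write(body)
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_exposed_php_source(build_sample_site(tmp)):
            print("source exposed:", hit)
```

On the constructed layout only simple_admin.txt is reported: index.php is still handled by the interpreter, readme.txt holds no code, and db_data.php lies outside the scanned document root.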
 
