php source privacy

Howdy y'all,

I would like to prevent users from viewing the source of certain php pages in my site. This is for security reasons. If anyone simply downloaded the pages using wget or something similar, the entire site could be compromised.

Is it possible for me to enter these pages into a .htaccess protected directory and access them either as includes or my linking to them? I already tried linking to them straight up, but of course it asks for the htaccess password.

Is their any other way to protect the code?

Thanks.

Comments

  • Correct me if I'm wrong... but as long as they use wget and are accessing the php page through the webserver, the code itself will not be downloaded... the only thing that will be downloaded if wget is used on a php script run from a web server is any response or output the script provides - this is due to the fact that php is a server side scripting language, and the client never actually needs to see the code and therefore isn't given the ability to.

    : Howdy y'all,
    :
    : I would like to prevent users from viewing the source of certain php pages in my site. This is for security reasons. If anyone simply downloaded the pages using wget or something similar, the entire site could be compromised.
    :
    : Is it possible for me to enter these pages into a .htaccess protected directory and access them either as includes or my linking to them? I already tried linking to them straight up, but of course it asks for the htaccess password.
    :
    : Is their any other way to protect the code?
    :
    : Thanks.
    :

  • : Correct me if I'm wrong... but as long as they use wget and are accessing the php page through the webserver, the code itself will not be downloaded... the only thing that will be downloaded if wget is used on a php script run from a web server is any response or output the script provides

    Yes, you're right :-). Don't worry tux55 - no-one'll compromise your site with wget.

    Isaac

    "Let us smite the evil slime eating hordes who may befall us on our quest to be the ultimate programmers of the known universe!"

  • : : Correct me if I'm wrong... but as long as they use wget and are accessing the php page through the webserver, the code itself will not be downloaded... the only thing that will be downloaded if wget is used on a php script run from a web server is any response or output the script provides
    :
    : Yes, you're right :-). Don't worry tux55 - no-one'll compromise your site with wget.
    :
    : Isaac
    :
    : "Let us smite the evil slime eating hordes who may befall us on our quest to be the ultimate programmers of the known universe!"
    :
    :


    There is however one thing you should keep in mind... If you use include files that have another extention then .php, like .inc you should place them in a protected folder or better outside the documentroot, or make your webserver interpret them by php... Or else they will be able to open those files and see the sourcecode...

    ;-)
    -mac-
    mailto:[email protected]
    the Netherlands...


Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories