IT SOLUTIONS
Your full service technology partner! 
-Collapse +Expand
PHP
Search PHP Group:

Advanced
-Collapse +Expand PHP Store
PRESTWOODSTORE

Prestwood eMagazine

April Edition
Subscribe now! It's Free!
Enter your email:

   ► MB LobbyPHP & Delphi for PHP BoardPHP Topic   Print This     

Steal someones php code or settings?

Steal someones php code or settings? in PHP topic (part of our PHP & Delphi for PHP group).

Quick Search: someones   settings   Steal someones   Steal someones php   code or  
S0nY
Baton Rouge, LA USA

Is there a way to download a php file from a website? I want to make sure my php files and settings are secure so no one can get into my sql database or see my password information or see any of my php code. What are some secure methods i can do to make sure no one can steal my php code or settings ?

The company i work for recently created custom php code that our customers will go to our site and type in personal information and order certain products, i just want to make sure there is no way a person can try to access our files ( we have customers personal information on our server ) since all the files will be on our server... Anyone have more input on this ?

 Posted 11 years ago (Thread Starter)
Comment Quote
About S0nY -Collapse +Expand
Visit Profile
Approved member.
Member subscribes to this thread with a verified email.

Post ID #12902, 1 replies
Thread Started 6/27/2008 11:22:34 AM
View Counter=25100
Location=Baton Rouge, LA USA 
Joined=12 years ago   MB Posts=53  
Most Recent Post
Moderator
Mike Prestwood
Prestwood IT
Prestwood IT office in Citrus Heights, CA

Hi David,

3 Suggestions:

  1. Secure your include files - With regard to them "downloading" your source, you should be fine so long as everything is setup correctly. Do all your source files have a .php extension? If so, then if they call them, they will run and not download. However, if you have a different extension for included code, then make sure those are secure. For example, if you use .inc as an included file, try browsing directly to that file:
     
    http://www.yoursite.com/includes/MainLib.inc
     
    If you don't have that file associated correctly on the server, the source code will popup in the browser. Granted, they still have to guess the filename but they sometimes can list or discover them.
     
  2. Don't allow browsing. Make sure empty folders are not browsable. Create a test folder and try browsing to it. You should NOT see a list of files, if you do, fix that.
     
  3. Harden Your Code - You might want to read my security tips article and implement the suggestions in there. They definately apply to PHP code. 
     
    Security Tips: 13 Ways to Harden Your Code
     
    I also linked that article to the top so this thread shows up on the bottom of it.

That's about all the suggestions I can think of right now. Security is about layers so the more you do, the better.

--
Mike Prestwood
Prestwood IT Solutions

 Posted 11 years ago
Comment Quote
About Mike Prestwood -Collapse +Expand
Visit Profile
Approved member.
Member subscribes to this thread with a verified email.
About Mike Prestwood

Mike Prestwood is a drummer, an author, and creator of the PrestwoodBoards online community. He is the President & CEO of Prestwood IT Solutions. Prestwood IT provides Coding, Website, and Computer Tech services. Mike has authored 6 computer books and over 1,200 articles. As a drummer, he maintains play-drums.com and has authored 3 drum books. If you have a project you wish to discuss with Mike, you can send him a private message through his PrestwoodBoards home page or call him 9AM to 4PM PST at 916-726-5675 x205.

Web Presence
Facebook, Prestwood IT Facebook page -- fan page. (Visit Me)
Twitter, Follow Prestwood IT on Twitter. (Visit Me)
LinkedIn, Prestwood IT company page on LinkedIn. (Visit Me)
YouTube, Prestwood IT YouTube Channel (Visit My Channel)
Website, My drum website where I sell my drum books. (http://www.play-drums.com)

Post ID #12903 (Level 1.1)  Reply to 12902
Thread Started 6/27/2008 11:36:56 AM
Location=Prestwood IT office in Citrus Heights, CA 
Joined=19 years ago   MB Posts=1410   KB Posts=1805   KB Comments=75   BLOG, Topics=4  

Revive Thread!

Add a comment to revive this old thread and make this archived thread more useful.

Write a Comment...
Full Editor
...
Sign in...

If you are a member, Sign In. Or, you can Create a Free account now.


Anonymous Post (text-only, no HTML):

Enter your name and security key.

Your Name:
Security key = P1233A1
Enter key:
Icon: A Post    Thread    Idea    Important!    Cool    Sad    No    Yes    Includes a Link...   
Thread #12902 Counter
25100
Since 6/27/2008

Regarding...

Linked Knowledge Base Article.

This thread is linked to the following KB article.


Mike Prestwood
1. Security Tips: 13 Ways to Harden Your Code

13 things you can do to make your code more secure, general advice about the rest of it, PLUS YOUR COMMENTS and experiences.

Posted to KB Topic: Website Scripting
11 years ago, and updated 9 years ago
(6 KB Comments)

Article
Nothing New Since Your Last Visit
52204
Hits

Website Design & Hosting

Go ahead!   Use Us! Call: 916-726-5675  Or visit our new sales site: 
www.prestwood.com


©1995-2019 Prestwood IT Solutions.   [Security & Privacy]