Imagine the following PHP file:
<?php
$topSecret = "Something important";
?>
If I put this on a server running the standard LAMP setup, how could someone find out $topSecret?
If the variable is not echoed, is it vulnerable? A real application of this might be database credentials stored in the web root of a server.
If PHP were to fail somehow, then the page would be displayed as a plain text file. That has happened before; it once happened to Facebook. To protect against this you should store all sensitive variables (passwords, etc.) in a PHP file which is not in the web root. You could store it in the parent folder (if you have access to it) or in a subfolder which is protected by Apache (deny all).
Under normal circumstances, it would not be possible to view that.
But errors in configuration, or exploits in code could make it possible to view the contents of the files.
Normally, one would place such information outside of the webroot, to decrease the chance such a thing happens.
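The advice in both answers (keep secrets out of the web root), sketched as an added example that is not part of the original posts. The function name `loadSecrets`, the file name `secrets.php` and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Load a secrets file, refusing any path that resolves inside the web root.
 * In a real application $docRoot would be the server's document root.
 */
function loadSecrets(string $path, string $docRoot): array
{
    // realpath() resolves symlinks and ".." segments, so the check is on the real location.
    $realPath = realpath($path);
    $realRoot = realpath($docRoot);
    if ($realPath === false || $realRoot === false) {
        throw new RuntimeException('Secrets file or document root not found');
    }
    // Compare with a trailing separator so /srv/public2 is not mistaken for /srv/public.
    $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($realPath, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('Secrets file is inside the web root; move it out');
    }
    $secrets = require $realPath; // the file is expected to "return [...]"
    if (!is_array($secrets)) {
        throw new RuntimeException('Secrets file must return an array');
    }
    return $secrets;
}

// Constructed demo layout: <tmp>/demo_x/secrets.php and <tmp>/demo_x/public/ (the web root).
$base = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0700, true);
file_put_contents("$base/secrets.php",
    "<?php\nreturn ['topSecret' => 'Something important'];\n");
file_put_contents("$base/public/secrets.php",
    "<?php\nreturn ['topSecret' => 'served as text if PHP stops executing'];\n");

// The copy outside the web root loads normally.
$secrets = loadSecrets("$base/secrets.php", "$base/public");
echo 'loaded keys: ', implode(', ', array_keys($secrets)), PHP_EOL;

// The copy inside the web root is refused.
try {
    loadSecrets("$base/public/secrets.php", "$base/public");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

For the protected-subfolder fallback mentioned in the first answer, Apache 2.4 writes the rule as `Require all denied`; Apache 2.2 used `Deny from all`.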