
PHP source code security on server

Tags: security, php

I am a PHP newbie and I have a PHP security question. Is it possible for somebody to get the source code of a PHP script file running on a server with default configuration? If so, what is the best way to be protected? I am asking this because I happened to download a PHP file when I requested a page from a site, and that triggered my concerns. I think that maybe the Apache configuration was wrong and served that file to me like a simple file, but I am not sure. Also, what is the best place to keep "sensitive" data such as database or SMTP configuration?

Thank you, Alex

Alex asked Feb 05 '11 14:02



1 Answer

For the most sensitive information, I'd suggest putting it outside of your web root folder, and including it through "require" or "include". This way, even if some configuration gets botched on the server, the visitor will only get served the line "include('secret_stuff.php');" and not the actual script.

dmgig answered Sep 30 '22 01:09
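The layout the answer above describes, as an added example that is not part of the original post: a front controller under the web root that loads credentials from a file outside it and refuses to run if that file is ever moved under the web root. The directory paths, the `secrets.php` file name, the configuration keys and the helper functions `is_inside` and `load_secrets` are all assumptions made for illustration.

```php
<?php
// public/index.php: the only PHP file that lives under the web root.
// Assumed layout (hypothetical paths, constructed for this example):
//   /var/www/example/public/index.php     <- Apache DocumentRoot
//   /var/www/example/config/secrets.php   <- not reachable by any URL
//
// secrets.php is expected to contain only a returned array, e.g.
//   return ['db_dsn' => '...', 'db_user' => '...', 'db_pass' => '...'];

declare(strict_types=1);

/** Return true when $path is located inside the directory $dir. */
function is_inside(string $path, string $dir): bool
{
    $dir = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $dir, strlen($dir)) === 0;
}

/** Load the secrets file, refusing to run if it sits under the web root. */
function load_secrets(string $file, string $webRoot): array
{
    $realFile = realpath($file);      // resolves ".." and symlinks
    $realRoot = realpath($webRoot);
    if ($realFile === false || $realRoot === false) {
        throw new RuntimeException('Configuration file or web root not found.');
    }
    if (is_inside($realFile, $realRoot)) {
        // A misconfigured server could serve this file as plain text.
        throw new RuntimeException('Secrets file must live outside the web root.');
    }
    $config = require $realFile;
    foreach (['db_dsn', 'db_user', 'db_pass'] as $key) {
        if (!is_array($config) || !isset($config[$key])) {
            throw new RuntimeException("Missing configuration key: $key");
        }
    }
    return $config;
}

try {
    // __DIR__ is the web root here because this file sits directly in public/.
    $secrets = load_secrets(__DIR__ . '/../config/secrets.php', __DIR__);
    $pdo = new PDO($secrets['db_dsn'], $secrets['db_user'], $secrets['db_pass']);
} catch (Throwable $e) {
    error_log($e->getMessage());      // details go to the server log only
    http_response_code(500);
    exit('Service unavailable.');
}
```

If the PHP handler stops working and Apache serves `index.php` as text, a visitor sees only the relative path to the secrets file, never the credentials themselves.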