Geek Answers Handbook

Securing PHP files on a web server

I am slowly learning PHP, MySQL and some HTML using localhost as my web server. However, I'm starting to wonder how my .php files will be protected if I actually put it on the Internet.

I have a webpage in localhost / app.php that includes a form, some PHP code, and some MySQL queries. MySQL credential information is in the same directory above where app.php is located, but how can I prevent strangers from accessing the contents of app.php, including the MySQL data structure, the commands I use, etc. When you view the source code in a browser, you see only part of the HTML, but could someone download app.php and look at the actual file if it wants to?

What is the correct way to build a file structure? Links or comments are greatly appreciated! TIA!

+4
source share
4 answers

Well, if you use the .php extension, Apache will serve the analyzed version - echo and print will be output, but your variables will not.

If you are still worried, there are several ways to make your files more secure.

  • Apache aliasing - , . PHP - . /home/user/my_files/, my_files www.my-domain.com/files. script , - .
  • , .
  • . , , , .
  • CodeIgniter: index.php define( 'IN_APPLICATION', 1 ); if( !defined( 'IN_APPLICATION' ) ) die( 'No direct script access allowed' );
+4

. php , HTTP. , Apache PHP , FTP.

wwwroot . , .inc. `.php.

+3

.php . , , , - HTML-. - , . php

  • ( -) HTTP- , ..

    GET/app.php HTTP/1.1

  • . php php HTML.

  • HTML .

Apache , php , , apache2.conf:

LoadModule php5_module modules/libphp5.so
AddHandler php5-script .php
AddType text/html .php

, , - php-, apache2.conf:

AddType application/x-httpd-php-source .phps

, , mySQL , , , . apache docs - , .

+2

( , ), "frontcontroller". MVC- (Model, View Controller) .

:

app/ (applications, controllers and views)
lib/ (libraries, generic logic)
config/ (your configurations)
web/ (your webproot, only for css, images, javascript etc.)
web / index.php (your frontcontroller)

Just exposing index.php and posting all php and sensitive files outside your website will they not be accessible to anyone on the Internet.

+1
source

More articles:


All Articles