Script visibility on the HTTP server

Question

Script visibility on the HTTP server

If I have an http server with various HTML pages and various PHP (or other) scripts, then if I try to view the code (as in the Chrome View viewer), then the PHP code will not be shown, which is the same as Well. I want to know how safe the code is from prying eyes? Will a secure password in a script be safe?

+4

security http php

user485498 Sep 13 '11 at 2:36 p.m.

source share

3 answers

Never protect passwords 100%, especially on your server.
If you need to save passwords in a script, save them in files that are not placed in the public directory (the browser cannot access the user).

+2

Oz_ Sep 13 '11 at 2:43

source share

 <?php $password = "password"; ?>

persists until you load the PHP module.

 <span>$password = "password";</span>

not protected and will not work

0

genesis Sep 13 '11 at 14:39

source share

Marc b · Accepted Answer · 2011-09-13T14:48:52+0000

The only time your PHP code can be opened is if the script is somehow treated as "non-PHP" and receives the message as raw text. If your server configuration is correct, then the code is "safe" due to an Internet leak.

In this case, it is best to put critical information that must remain confidential (user names / passwords, configuration variables, DSN databases, etc.) in a separate file that stores OUTSIDE in the root of the document’s site. Thus, even if PHP is damaged / disabled on the server, all that the user sees is

<?php include('critical_data_here.php'); ?>

but not

 <?php $username = 'root'; $password = 'password'; $lotto_ticket_worth_50million = 'under the left couch cushion at 221B Baker Street'; ?>

Script visibility on the HTTP server

More articles: