include security

Security issues related to PHP and MySQL usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

gesf
Moderator
Posts: 1716
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden

Fri Nov 05, 2004 5:50 am

That's just a security precaution.
It's very useful for shared hosts to prevent other users from accessing your files. It's also a great idea to prevent people from breaking your code ($variables) through the URL.

Cheers
Sincerely,
Gonçalo "gesf" Fontoura

gesf.org | sessionstart.com | urlms.com

ruturajv
php-forum Super User
Posts: 1279
Joined: Sat Mar 22, 2003 9:42 am
Location: Mumbai, India

Mon May 30, 2005 7:44 pm

If I'm not mistaken, that bit of code is from the phpBB code, right?

You'll have to go through all the code to really understand... that...

Alexej Kubarev
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Tue May 31, 2005 1:11 am

Hi guys, if you need to understand the phpBB code: ask me :D I had to go through it to understand where to make those changes most of you know about :)

And you don't need to go through the whole code :)

It's simple :D

You request a page index.php:

<?php
// The entry script defines a marker constant before including any other file
define('IN_APP', true);
// Some more code here
?>


and then include some files: if you call those files directly you will get a hacking attempt as IN_APP is not defined :)
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
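
The guard described in the post above, shown from the included file's side, as an added example that is not part of the original thread or of phpBB's code. The file name `db_config.php`, the settings array and the temporary directory are hypothetical and constructed for the demonstration; the script needs the PHP CLI with `shell_exec` enabled.

```php
<?php
// Added example: the IN_APP include guard, exercised both ways.
// File names and the settings array are hypothetical.

// 1. Build a constructed include file that refuses to run on its own.
$dir = sys_get_temp_dir() . '/in_app_demo_' . getmypid();
mkdir($dir, 0700);
$inc = $dir . '/db_config.php';
file_put_contents($inc, <<<'INC'
<?php
// Guard: the entry script must have defined IN_APP before including us.
if (!defined('IN_APP')) {
    if (PHP_SAPI !== 'cli') {
        http_response_code(403);   // direct web request: refuse
    }
    exit('Hacking attempt');
}
// Only reached through a legitimate include.
return ['host' => 'localhost', 'user' => 'app_user'];
INC
);

// 2. Direct call: a fresh PHP process runs the file with no IN_APP defined,
//    which is what happens when the file is requested by URL.
$direct = shell_exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($inc));
echo "direct call -> ", $direct, PHP_EOL;

// 3. Legitimate path: the entry script (index.php in the post) defines the
//    constant first, then includes the file.
define('IN_APP', true);
$db_settings = include $inc;
echo "via include -> host=", $db_settings['host'], PHP_EOL;

// Clean up the constructed files.
unlink($inc);
rmdir($dir);
```

The guard runs only when the server executes the file as PHP, so it complements, rather than replaces, keeping such files outside the document root.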

victor123
New php-forum User
Posts: 192
Joined: Mon Sep 06, 2004 1:23 am
Location: Madrid, Spain

Tue May 31, 2005 3:04 am

Hi,

My approach would be to store connection information as well as other sensitive info in files outside of the document root. Thus it will not be possible to have them served via HTTP. I would also not use .php extensions for them. See http://phpsec.org/projects/guide/3.html, it is quite helpful.

Regards.

Alexej Kubarev
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Tue May 31, 2005 3:19 am

If you have configured your server correctly, it will not be any problem, as it will not be possible to see the source of your config file.
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer

victor123
New php-forum User
Posts: 192
Joined: Mon Sep 06, 2004 1:23 am
Location: Madrid, Spain

Tue May 31, 2005 9:23 am

Hahahaha... well, bokehman, give her my best regards, I am also madrileño... I guess there are mistakes that are very common for people that share the same language...

Cheers.
