reading php files in the selection view source

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

User avatar
CHUBBYCAT
New php-forum User
New php-forum User
Posts: 53
Joined: Mon Jun 21, 2004 7:08 am
Contact:

reading php files in the selection view source

Postby CHUBBYCAT » Fri Jul 23, 2004 6:24 pm

ok,
when you right click a page and select "View Source" on a page that has php coding in its script and it doesnt show.

can anyone tell me a program (if exists) that could expose that coding?

User avatar
swirlee
Moderator
Moderator
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back
Contact:

Re: reading php files in the selection view source

Postby swirlee » Fri Jul 23, 2004 6:45 pm

CHUBBYCAT wrote:ok,
when you right click a page and select "View Source" on a page that has php coding in its script and it doesnt show.

can anyone tell me a program (if exists) that could expose that coding?


Nope, it's not possible. Fortunately. The source code of a PHP script is never sent to the browser. Unless you have serious security problems.

User avatar
CHUBBYCAT
New php-forum User
New php-forum User
Posts: 53
Joined: Mon Jun 21, 2004 7:08 am
Contact:

Postby CHUBBYCAT » Sat Jul 24, 2004 5:54 am

another words,

set your internet security on low.

User avatar
swirlee
Moderator
Moderator
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back
Contact:

Postby swirlee » Sat Jul 24, 2004 12:41 pm

CHUBBYCAT wrote:another words,

set your internet security on low.


What? This has nothing to do with it. As long as your script is being parsed by PHP, the code will never get sent to the browser, no matter what. This is the intended behaviour, and good. If it didn't work that way, your scripts wouldn't work and your HTML wouldn't dispay right.

User avatar
bezmond
Moderator
Moderator
Posts: 312
Joined: Sat Apr 05, 2003 4:33 am
Location: Mansfield, UK
Contact:

Postby bezmond » Mon Nov 29, 2004 7:29 am

that doesn't stop View Source though... on the menu, View > Source

Andrew

Alex
New php-forum User
New php-forum User
Posts: 180
Joined: Fri Mar 07, 2003 4:59 pm
Contact:

Postby Alex » Mon Nov 29, 2004 9:39 am

Why bother with all of that, even if you disable view source, you can still view the source! You can use lynx hard request piped into text file and the code is all there, dont bother yourself with any kind of user-side disabling anything, just use a server-side language and who cares about the html on the other side?

Gotta love PHP!

jmag
New php-forum User
New php-forum User
Posts: 5
Joined: Sat Sep 24, 2005 5:52 pm

Postby jmag » Tue Sep 27, 2005 1:42 pm

So when we use mysql_connect() and the like, including the php file that has the host user and password, no worries?!

User avatar
gesf
Moderator
Moderator
Posts: 1717
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden
Contact:

Postby gesf » Tue Sep 27, 2005 7:14 pm

Like i've already said... nothing done when we don't even know the difference between both Client and Server sides!
Hey CHUBBYCAT, try a file with .phps extension...

» Hey Swirlee... long time no see...! A hug for you :D


Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: No registered users and 0 guests