Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

reading php files in the selection view source

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

reading php files in the selection view source

Postby CHUBBYCAT » Fri Jul 23, 2004 6:24 pm

ok,
when you right click a page and select "View Source" on a page that has php coding in its script and it doesnt show.

can anyone tell me a program (if exists) that could expose that coding?
User avatar
CHUBBYCAT
New php-forum User
New php-forum User
 
Posts: 53
Joined: Mon Jun 21, 2004 7:08 am

Re: reading php files in the selection view source

Postby swirlee » Fri Jul 23, 2004 6:45 pm

CHUBBYCAT wrote:ok,
when you right click a page and select "View Source" on a page that has php coding in its script and it doesnt show.

can anyone tell me a program (if exists) that could expose that coding?


Nope, it's not possible. Fortunately. The source code of a PHP script is never sent to the browser. Unless you have serious security problems.
User avatar
swirlee
Moderator
Moderator
 
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back

Postby CHUBBYCAT » Sat Jul 24, 2004 5:54 am

another words,

set your internet security on low.
User avatar
CHUBBYCAT
New php-forum User
New php-forum User
 
Posts: 53
Joined: Mon Jun 21, 2004 7:08 am

Postby swirlee » Sat Jul 24, 2004 12:41 pm

CHUBBYCAT wrote:another words,

set your internet security on low.


What? This has nothing to do with it. As long as your script is being parsed by PHP, the code will never get sent to the browser, no matter what. This is the intended behaviour, and good. If it didn't work that way, your scripts wouldn't work and your HTML wouldn't dispay right.
User avatar
swirlee
Moderator
Moderator
 
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back

Postby bezmond » Mon Nov 29, 2004 7:29 am

that doesn't stop View Source though... on the menu, View > Source

Andrew
User avatar
bezmond
Moderator
Moderator
 
Posts: 312
Joined: Sat Apr 05, 2003 4:33 am
Location: Mansfield, UK

Postby Alex » Mon Nov 29, 2004 9:39 am

Why bother with all of that, even if you disable view source, you can still view the source! You can use lynx hard request piped into text file and the code is all there, dont bother yourself with any kind of user-side disabling anything, just use a server-side language and who cares about the html on the other side?

Gotta love PHP!
Alex
New php-forum User
New php-forum User
 
Posts: 180
Joined: Fri Mar 07, 2003 4:59 pm

Postby jmag » Tue Sep 27, 2005 1:42 pm

So when we use mysql_connect() and the like, including the php file that has the host user and password, no worries?!
jmag
New php-forum User
New php-forum User
 
Posts: 5
Joined: Sat Sep 24, 2005 5:52 pm

Postby gesf » Tue Sep 27, 2005 7:14 pm

Like i've already said... nothing done when we don't even know the difference between both Client and Server sides!
Hey CHUBBYCAT, try a file with .phps extension...

» Hey Swirlee... long time no see...! A hug for you :D
User avatar
gesf
Moderator
Moderator
 
Posts: 1718
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden


Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 0 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.