You are invited to Log in or Register a free Frihost Account!

User Viewing A PHP File

I know this is kinda on the lines of hacking. I would like to know if there is anyway the viewer of your site without access to the server would be able to get the contents of a php file?

Or to be able to grab a variable or something using some sort of injection?

I am asking because I need to secure an flat file account system I am creating if you know of a way and don't want to post it but are still willing to tell me email or pm me please.

It depends, but generally no, it's impossible to view the source of a php file or display/change a variable.

For the flat file system, it's perhaps a good idea to save your files outside the web directory.
K what would you say is more secure then saving information in a php file or in a mysql database? Because I have heard of people getting into mysql databases thats why you encrypt stuff.

Because, I always thought flat files were less secure then databases but it now looks like there the same or less secure then flat files
I'd say both the database and file system can be as secure as you want them. I find it easier to secure a database (less details to worry about) and, at the same time, provide editing capabilities to the users.
On Apache you can set phps to vieuw source, just control that once that it isn't enabled Very Happy
So there is no way for a user who has no access to the server to access a php file on a server.
Unless you specifically code for that (or allow a bug to creep in), no, there is no way to view/edit a php file.

On frihost, even though you have no access to the server, you can edit the php files Smile

edit: view/edit substituted for the wrong "access".
Ya ok, thanks I wanted to have the thrill of hacking my own scripts but it appears there secure enough which is a good thing but would have been fun if i could.

Anyways thanks for all your help but I know how we get into the php scripts they just open the files using php and allow us to edit them.
Related topics
How To : Improve Your PHP Programming
Cron jobs - running a php file
[PHP doubt]Knowing the directory location of PHP file
is there any way to trigger a .php file without refreshing?
Uploading a .php file! NEED HELP thanks
one line securing of php pages (login of users) (user auth)
Need help fixing my php file
send variable from php tp php file
Limiting php file functions with .htaccess
Remote php file access and reading
[HELP] PHP (and some MyBB) Administration
including javascript in php file
Hide PHP file extension
[TuT]JOOMLA Installation Guide(Easiest Way)
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

© 2005-2011 Frihost, forums powered by phpBB.