Php Function Security

  • Binskin

    Php Function Security

    Hi All

    I have an issue with a PHP / MySQL driven website I'm developing. I have
    about 95% of the website being driven by functions I have developed in a
    "publicFunctions.inc" file, that I keep in an includes directory in the
    site's directory. This file contains the function I use to connect to my
    MySQL server. The problem I have now discovered is that if someone were to
    point directly at my functions.inc file, it is printed in its entirety to
    the screen ... not very secure.

    How can I lock this down? (The server it is being hosted on is Linux based.)

    Any help would be appreciated.


  • Pedro Graca

    #2
    Re: Php Function Security

    ["Followup-To:" header set to comp.lang.php.]
    Binskin wrote:
    > I have an issue with a PHP / MySQL driven website I'm developing. I have
    > about 95% of the website being driven by functions I have developed in a
    > "publicFunctions.inc" file, that I keep in an includes directory in the
    > site's directory. This file contains the function I use to connect to my
    > MySQL server. The problem I have now discovered is that if someone were to
    > point directly at my functions.inc file, it is printed in its entirety to
    > the screen ... not very secure.
    >
    > How can I lock this down? (The server it is being hosted on is Linux based.)

    Rename it "publicFunctions.inc.php"; change all references to the new
    name. Done!


    or move it outside the web server root (and change references)


    or have your host change Apache's config to parse .inc files
    --
    --= my mail box only accepts =--
    --= Content-Type: text/plain =--
    --= Size below 10001 bytes =--


    • Tony Marston

      #3
      Re: Php Function Security

      You could create a .htaccess file in that folder containing the following:

      # "~" makes the argument a regular expression: match names ending in .inc
      <Files ~ "\.inc$">
      Order allow,deny
      Deny from all
      Satisfy All
      </Files>

      This will prevent Apache from allowing any file with a .inc extension to be
      requested from a browser.

      Tony Marston



      "Binskin" <binskin@excite.com> wrote in message
      news:8cqVb.48013$Wa.582@news-server.bigpond.net.au...
      > Hi All
      >
      > I have an issue with a PHP / MySQL driven website I'm developing. I have
      > about 95% of the website being driven by functions I have developed in a
      > "publicFunctions.inc" file, that I keep in an includes directory in the
      > site's directory. This file contains the function I use to connect to my
      > MySQL server. The problem I have now discovered is that if someone were to
      > point directly at my functions.inc file, it is printed in its entirety to
      > the screen ... not very secure.
      >
      > How can I lock this down? (The server it is being hosted on is Linux based.)
      >
      > Any help would be appreciated.


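An added example, not part of the original thread: a Python audit that walks a document root and lists files that contain PHP code but would be returned as plain text, so the fixes suggested in the replies (rename to .php, deny via .htaccess, or have Apache parse .inc) can be checked before deployment. The function names and the sample tree are constructed for illustration, and the .htaccess check is a heuristic that treats any deny-all line as covering its directory, even when the rule is scoped by `<Files>`.

```python
import re
import tempfile
from pathlib import Path

PHP_TAG = re.compile(rb"<\?(php|=)", re.I)
DENY = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)

def has_deny_rule(directory, docroot):
    """Heuristic: True if any .htaccess from `directory` up to `docroot` has a deny-all line."""
    current, root = Path(directory).resolve(), Path(docroot).resolve()
    for d in [current, *current.parents]:
        ht = d / ".htaccess"
        if ht.is_file() and DENY.search(ht.read_text(errors="replace")):
            return True
        if d == root:
            break
    return False

def find_exposed_includes(docroot, parsed_exts=(".php",)):
    """Relative paths of files holding PHP code that the server would send as text."""
    exposed = []
    for path in Path(docroot).rglob("*"):
        if not path.is_file() or path.name.startswith(".ht"):
            continue
        if path.name.lower().endswith(tuple(parsed_exts)):
            continue  # handed to the PHP interpreter, source is never sent
        holds_php = PHP_TAG.search(path.read_bytes()[:65536]) is not None
        if holds_php and not has_deny_rule(path.parent, docroot):
            exposed.append(path.relative_to(docroot).as_posix())
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed sample site: one exposed include, one renamed, one denied."""
    php = "<?php function db_connect() {} ?>"
    samples = {
        "includes/publicFunctions.inc": php,
        "renamed/publicFunctions.inc.php": php,
        "denied/publicFunctions.inc": php,
        "denied/.htaccess": '<Files ~ "\\.inc$">\nOrder allow,deny\nDeny from all\n</Files>\n',
    }
    for rel, body in samples.items():
        target = Path(base, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_tree(site)
        print(find_exposed_includes(site))
```

Pass `parsed_exts=(".php", ".inc")` when the host has configured Apache to parse .inc files, so those files are no longer reported.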