Re: [PHP] PHP Security - view source code

2002-01-21 Thread Sukumar S.
) From: Radu Filip [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: [PHP] PHP Security - view source code On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: I've seen a number of sites for example that didn't have the .inc extension

Re: [PHP] PHP Security - view source code

2002-01-17 Thread Erik Price
On Wednesday, January 16, 2002, at 07:22 PM, Christopher William Wesley wrote: If you are the server's admin, or know the person well, you can tighten the file permissions down more with a little administrative work ... adding a new group of which your user and the web server are a member,

Re: [PHP] PHP Security - view source code

2002-01-17 Thread Erik Price
On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote: No, it is safer to block access to .inc files with an httpd.conf rule. Allowing people to execute files that were meant to be included out of context could end up being much more dangerous than simply having people see the

Re: [PHP] PHP Security - view source code

2002-01-17 Thread Rasmus Lerdorf
On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote: No, it is safer to block access to .inc files with an httpd.conf rule. Allowing people to execute files that were meant to be included out of context could end up being much more dangerous than simply having people see

Re: [PHP] PHP Security - view source code

2002-01-17 Thread mike cullerton
on 1/17/02 9:21 AM, Erik Price at [EMAIL PROTECTED] wrote: On my Linux box, which is shared with several users (I am admin), I would like to do something like this -- if I created the group php, and added myself to that group, I could use files associated with the group php. My web server

Re: [PHP] PHP Security - view source code

2002-01-17 Thread [EMAIL PROTECTED]
Best solution still seems to be to keep those includes out of your document root. bvr. On Thu, 17 Jan 2002 08:41:37 -0800 (PST), Rasmus Lerdorf wrote: On Wednesday, January 16, 2002, at 08:04 PM, Rasmus Lerdorf wrote: No, it is safer to block access to .inc files with an httpd.conf rule.

[PHP] PHP Security - view source code

2002-01-16 Thread Phil Schwarzmann
How easy/hard is it to view the PHP source code when you're at website? I noticed when I was using Internet Explorer, if I pressed view source...it would show the HTML but not the PHP. -Phil

Re: [PHP] PHP Security - view source code

2002-01-16 Thread Richard Crawford
Well, if you do View Source on any browser, it will only show the source code of the HTML that the page has rendered, not the PHP/Perl/ASP/Cold Fusion/whatever that was used to generate the HTML code. So using View Source will never show you the programming behind the HTML. That said, I

Re: [PHP] PHP Security - view source code

2002-01-16 Thread Jason Bell
Subject: [PHP] PHP Security - view source code How easy/hard is it to view the PHP source code when you're at website? I noticed when I was using Internet Explorer, if I pressed view source...it would show the HTML but not the PHP. -Phil -- PHP General Mailing List (http://www.php.net

Re: [PHP] PHP Security - view source code

2002-01-16 Thread Richard Baskett
wait a single moment to improve the world. - Anne Frank From: Phil Schwarzmann [EMAIL PROTECTED] Date: Wed, 16 Jan 2002 16:03:45 -0500 To: [EMAIL PROTECTED] Subject: [PHP] PHP Security - view source code How easy/hard is it to view the PHP source code when you're at website? I noticed when I

Re: [PHP] PHP Security - view source code

2002-01-16 Thread Erik Price
The entire page, PHP with HTML, is sent to the PHP engine. It follows the instructions of the PHP code, outputting only HTML and error messages, and then hands the data to the web server which sends it to your browser. Unless something damages the PHP engine, causing the webserver to serve

Re: [PHP] PHP Security - view source code

2002-01-16 Thread [EMAIL PROTECTED]
- view source code How easy/hard is it to view the PHP source code when you're at website? I noticed when I was using Internet Explorer, if I pressed view source...it would show the HTML but not the PHP. -Phil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL

Re: [PHP] PHP Security - view source code

2002-01-16 Thread Radu Filip
On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: I've seen a number of sites for example that didn't have the .inc extension registered, include() doesn't care about that, but if your includes are under the document root of your website (that happens a lot too, i don't know why ?) and you

Re: [PHP] PHP Security - view source code

2002-01-16 Thread Christopher William Wesley
On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: I've seen a number of sites for example that didn't have the .inc extension registered, include() doesn't care about that, but if your includes are under the document root of your website (that happens a lot too, i don't know why ?) and you

Re: [PHP] PHP Security - view source code

2002-01-16 Thread Rasmus Lerdorf
On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: I've seen a number of sites for example that didn't have the .inc extension registered, include() doesn't care about that, but if your includes are under the document root of your website (that happens a lot too, i don't know why ?) and you

Re: [PHP] PHP Security - view source code

2002-01-16 Thread mike cullerton
on 1/16/02 6:04 PM, Rasmus Lerdorf at [EMAIL PROTECTED] wrote: On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote: (1) avoid using .inc files; use .php files like for normal script No, it is safer to block access to .inc files with an httpd.conf rule. Allowing people to execute files that were