Of course the absolute safest way besides encryting
your PHP is to just store your state secrets in files
outside the web server's document tree.
i.e.
if your web server's document root is /var/www
?php
require(/var/super-secret/super-functions.php);
if ($theanswer == 42)
{
echo
The only real way to see the php code is if you don't have the webserver
set to parse the code...then it will just be displayed on the page (or
downloaded). If you're really paranoid, you can get a tool to encrypt
your php code. There's some free ones, but here's a costly one that I
know of:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
they are kinda safe if the webserver is the only way that
your files can be viewed if people can log into the
machine, they could just view the plaintext of your PHP
script.
hint: security thru obscurity is not secure.
-Original
On Mon, 13 Aug 2001 09:43:56 -0500 impersonator of [EMAIL PROTECTED]
(Tyler Longren) planted I saw in php.general:
The only real way to see the php code is if you don't have the webserver
set to parse the code...then it will just be displayed on the page (or
downloaded). If you're really
Of course the absolute safest way besides encryting
your PHP is to just store your state secrets in files
outside the web server's document tree.
i.e.
if your web server's document root is /var/www
?php
require(/var/super-secret/super-functions.php);
if ($theanswer == 42)
{
echo
5 matches
Mail list logo