php-general Digest 15 Aug 2009 08:00:28 -0000 Issue 6286

Topics (messages 296809 through 296817):

Re: ini files as config - hidden
        296809 by: João Cândido de Souza Neto
        296810 by: João Cândido de Souza Neto
        296811 by: Ben Dunlap
        296815 by: Ashley Sheridan

PHP_SAPI
        296812 by: Martin Scotta

Making HTML Scripts over PHP Programming
        296813 by: network.qummatic.com

Re: session variables - help RESOLVED
        296814 by: Allen McCabe

Re: File or directory?
        296816 by: Clancy
        296817 by: Ralph Deffke

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
A long time ago I worked on many shared servers; nowadays I'm not working 
with web sites, only systems, so my customers always have their own server.

The question is:

1) The ini file you mentioned has ini extension?
    if yes, it must be out of the document root because if someone types its 
url, the browser will certainly show up its content.
2) Has it php extension?
    if yes, it can be inside the document root because if someone types its 
url, PHP will show up only the result of its code.


"Ben Dunlap" <bdun...@agentintellect.com> wrote in message 
news:7997e80e0908141056i483f4e2h7dffe0c83b90d...@mail.gmail.com...
2009/8/14 João Cândido de Souza Neto <j...@consultorweb.cnt.br>:
> I think a good solution is to put the ini file out of your html folder so
> only your scripts can read it.

I agree, and I try to do the same, but I've noticed that most
open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS
Made Simple) have always stored database credentials inside of
DocumentRoot, by default.

Not sure if this is a compromise to allow ease-of-use by
less-technical users, or if my insistence on putting this sort of file
outside of DocumentRoot is just paranoia (and not the good kind).

I'd definitely be interested to hear how others on the list approach
this problem.

And that's only one part of the equation, if you're on a
shared-hosting platform. Are you, or do you have your own server?

Ben 



--- End Message ---
--- Begin Message ---
It's a cool solution as well.

"Martin Scotta" <martinsco...@gmail.com> wrote in message 
news:6445d94e0908141103l6710c766wcc89f05111a65...@mail.gmail.com...
2009/8/14 Ben Dunlap <bdun...@agentintellect.com>

> 2009/8/14 João Cândido de Souza Neto <j...@consultorweb.cnt.br>:
> > I think a good solution is to put the ini file out of your html folder 
> > so
> > only your scripts can read it.
>
> I agree, and I try to do the same, but I've noticed that most
> open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS
> Made Simple) have always stored database credentials inside of
> DocumentRoot, by default.
>
> Not sure if this is a compromise to allow ease-of-use by
> less-technical users, or if my insistence on putting this sort of file
> outside of DocumentRoot is just paranoia (and not the good kind).
>
> I'd definitely be interested to hear how others on the list approach
> this problem.
>
> And that's only one part of the equation, if you're on a
> shared-hosting platform. Are you, or do you have your own server?
>
> Ben
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
A workaround to this is to simply let the browser get the ini as a php file.
What? are you insane? no. it is really easy.

1) Name your ini files .php so, database.ini will be database.php
2) Put in the top of your script this line

;<?php exit;?>

So, when the file is opened as an ini file the semicolon indicates that
it's a comment.
But, when the browser calls for this file... php just exits in the first
line.

Our data will be safe as long as the first line remains there.

-- 
Martin Scotta



--- End Message ---
--- Begin Message ---
> 1) Name your ini files .php so, database.ini will be database.php

Actually I was assuming the configuration file to be a PHP script --
as is typical in big open-source CMSes. I took "ini file" earlier in
the thread to be a generic description of any file, whatever the
extension, that contains sensitive configuration data.

> Our data will be safe as long as the first line remains there.

And as long as the file is actually handed off to PHP for processing.
Seems like there are plenty of situations, none of them too
far-fetched, that could cause the web server to mistakenly serve a
file with ".php" in its name as a generic text file rather than
handling it correctly. I'd rather just have the file outside of
DocumentRoot and avoid that risk entirely. But again, maybe that's
just unproductive paranoia?

Ben

--- End Message ---
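
An added illustration of the two approaches discussed in this thread (not code from any poster): the guard line parses as an ini comment, but the file's raw bytes still hold the credentials if the server returns it without invoking PHP, so the loader below refuses any config path that resolves under the document root. The function names, paths and values are constructed for the example.

```php
<?php
// Added example: every path and value below is constructed for illustration.

/** True when $file resolves (symlinks included) to a path under $docRoot. */
function is_inside_docroot(string $file, string $docRoot): bool
{
    $file = realpath($file);
    $root = realpath($docRoot);
    if ($file === false || $root === false) {
        return false;
    }
    return strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
}

/** Parse an ini-format config, refusing any file the web server could serve. */
function load_config(string $file, string $docRoot): array
{
    if (is_inside_docroot($file, $docRoot)) {
        throw new RuntimeException('config file is inside the document root');
    }
    $cfg = parse_ini_file($file, true);
    if ($cfg === false) {
        throw new RuntimeException('config file is not valid ini');
    }
    return $cfg;
}

// Constructed layout: <tmp>/.../app/public plays the document root.
$base = sys_get_temp_dir() . '/cfgdemo_' . getmypid();
mkdir("$base/app/public", 0700, true);
$ini = ";<?php exit;?>\n[database]\nhost = localhost\npass = \"example-secret\"\n";
file_put_contents("$base/app/public/database.php", $ini); // guard-line approach
file_put_contents("$base/app/database.ini", $ini);        // outside the document root
chmod("$base/app/database.ini", 0600);

// The guard line is an ini comment, so the renamed file still parses.
$cfg = parse_ini_file("$base/app/public/database.php", true);
echo 'parsed host: ', $cfg['database']['host'], "\n";

// Served without PHP executing it, the same file is just these bytes:
$raw = file_get_contents("$base/app/public/database.php");
echo 'raw bytes expose the password: ', var_export(strpos($raw, 'example-secret') !== false, true), "\n";

// The loader rejects the copy under the document root and accepts the other.
try {
    load_config("$base/app/public/database.php", "$base/app/public");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo 'loaded host: ', load_config("$base/app/database.ini", "$base/app/public")['database']['host'], "\n";
```
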
--- Begin Message ---
On Fri, 2009-08-14 at 15:03 -0300, Martin Scotta wrote:
> 2009/8/14 Ben Dunlap <bdun...@agentintellect.com>
> 
> > 2009/8/14 João Cândido de Souza Neto <j...@consultorweb.cnt.br>:
> > > I think a good solution is to put the ini file out of your html folder so
> > > only your scripts can read it.
> >
> > I agree, and I try to do the same, but I've noticed that most
> > open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS
> > Made Simple) have always stored database credentials inside of
> > DocumentRoot, by default.
> >
> > Not sure if this is a compromise to allow ease-of-use by
> > less-technical users, or if my insistence on putting this sort of file
> > outside of DocumentRoot is just paranoia (and not the good kind).
> >
> > I'd definitely be interested to hear how others on the list approach
> > this problem.
> >
> > And that's only one part of the equation, if you're on a
> > shared-hosting platform. Are you, or do you have your own server?
> >
> > Ben
> >
> A workaround to this is to simply let the browser get the ini as a php file.
> What? are you insane? no. it is really easy.
> 
> 1) Name your ini files .php so, database.ini will be database.php
> 2) Put in the top of your script this line
> 
> ;<?php exit;?>
> 
> So, when the file is opened as an ini file the semicolon indicates that
> it's a comment.
> But, when the browser calls for this file... php just exits in the first
> line.
> 
> Our data will be safe as long as the first line remains there.
> 

Silly idea. If you want to read in the ini file via PHP to get the
values out, why don't you just have them as PHP vars? There's extra
overhead involved in processing the ini, which is a big bad idea if the
ini is used to hold database details, as not only does the database
connection take time, but you've increased the time needed to access the
connection details! Way to go!

Thanks,
Ash
http://www.ashleysheridan.co.uk


--- End Message ---
--- Begin Message ---
Hi all!

I'm making a class for handling different things depending on what web
server you are running PHP on.

Can you tell me  the output of this script and your environment?

<?php
echo PHP_OS, PHP_EOL, PHP_SAPI;
?>

It'll be useful to me to have different values, especially from Windows or
IIS

( Please reply this in private, so we keep the list clean, then I'll send
the full list )

Is there any documentation about the possible values of PHP_SAPI?
I was surfing the web and found this list, but I don't know if it is complete:

aolserver, apache, apache2filter, apache2handler, caudium, cgi, cgi-fcgi,
cli, Continuity, embed, isapi, milter, nsapi, phttpd, pi3web, roxen, thttpd,
tux, webjames

Should I look at the PHP source code for these values?

-- 
Martin Scotta

--- End Message ---
--- Begin Message ---
Dear All,

I have developed a PHP library for the open source community, for making HTML
scripts over PHP Programming: HTML Object. It's a PHP Object Library for
making autogenerated HTML scripts over PHP Programming. It provides for the
variety of needs in making HTML code automatically, such as HTML Tags,
Attributes, Tag's Content, Frequently Used Tags, and Other HTML Object.
HTML Object is created in accordance with the needs of web developers: easy
to use, Object Oriented Programming, and flexible for any web application.
Visit: http://code.google.com/p/html-object/

HTML Object is a PHP 5 Class Object Library. Its purpose is that web developers
can use this library for the Presentation Layer or Web User Interface (UI) of
web applications, creating HTML code with PHP script, all controlled on the
server.

Early features of them:

* Autogenerated HTML Tags, Attributes, and Contents
* Frequently Used Tags
* Generating HTML Document / Web Pages
* HTML Tables

All class libraries are documented in the Application Programming Interface
(API) Documentation, which you can visit at
http://api.global.qummatic.com/html-object.

Developers can check out the latest source code at
http://code.google.com/p/html-object/source/checkout. The latest release
files can be downloaded from
http://code.google.com/p/html-object/downloads/list

--- End Message ---
--- Begin Message ---
Thanks everyone for your help, I finally got it working.

For those that were curious, my writeResultRow() function was not naming the
input fields properly, so the SESSION variables could not be updated
properly. I had to add an array item for each show, an id, then call the id
to name the inputs with.

On Fri, Aug 14, 2009 at 11:13 AM, Ben Dunlap <bdun...@agentintellect.com> wrote:

> Great, hope it helps! -Ben
>
> On Fri, Aug 14, 2009 at 10:52 AM, Allen McCabe<allenmcc...@gmail.com>
> wrote:
> > This is an EXCELLENT idea.
> >
>

--- End Message ---
--- Begin Message ---
I have just got access to a new server, and am playing with upload/download
procedures. I looked in the root directory, and see several objects which I
assume to be directories. However I was surprised to find there does not
appear to be any command to determine if an object is a file or directory,
either in PHP FTP or plain FTP.  I could try to change to them, or download
them, but this seems overkill.  Am I overlooking something obvious?

--- End Message ---
--- Begin Message ---
can u upload ur own files ?
can u create a directory ?
are u using a ftp client ?

try

ralph_def...@yahoo.de

"Clancy" <clanc...@cybec.com.au> wrote in message
news:kjhc85hpub7drihgappifphcboolt9u...@4ax.com...
> I have just got access to a new server, and am playing with upload/download
> procedures. I looked in the root directory, and see several objects which I
> assume to be directories. However I was surprised to find there does not
> appear to be any command to determine if an object is a file or directory,
> either in PHP FTP or plain FTP.  I could try to change to them, or download
> them, but this seems overkill.  Am I overlooking something obvious?



--- End Message ---
