[PHP] Your opinion on security issue: file extension
I would like opinions on a security question.

A co-worker suggested we rename our application files to some extension other than .php (for example, .htm). The reasoning being that the .php extension tells a cracker that we are using PHP, and not ASP, or ColdFusion, etc. The cracker can focus immediately on vulnerabilities of PHP.

So, is there something to be gained by masking our server setup by changing our filename extension?

TIA

Kirk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Your opinion on security issue: file extension
Not really, I mean it may deter a very novice hacker. But, if the people want in, they can very easily find out what server and server software you are running.

For example, go to www.netcraft.com and click on 'What's that site running?' and put in your www.domain.com address. It will tell you everything about the server, even uptime.

So, if they want to know, they can find out; file extensions just make it a bit easier...

----- Original Message -----
From: "Johnson, Kirk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 01, 2001 12:08 PM
Subject: [PHP] Your opinion on security issue: file extension

> I would like opinions on a security question.
>
> A co-worker suggested we rename our application files to some extension
> other than .php (for example, .htm). The reasoning being that the .php
> extension tells a cracker that we are using PHP, and not ASP, or ColdFusion,
> etc. The cracker can focus immediately on vulnerabilities of PHP.
>
> So, is there something to be gained by masking our server setup by changing
> our filename extension?
>
> TIA
>
> Kirk

Re: [PHP] Your opinion on security issue: file extension
I think expose_php = Off is the first thing to do instead of changing the association (as well as disabling the server signature).

The extension does not tell much, but expose_php tells the PHP version also, if you care about crackers. Crackers will notice you care about security somewhat. It does not protect your server from experienced crackers, though.

Regards,
--
Yasuo Ohgaki

"Johnson, Kirk" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> I would like opinions on a security question.
>
> A co-worker suggested we rename our application files to some extension
> other than .php (for example, .htm). The reasoning being that the .php
> extension tells a cracker that we are using PHP, and not ASP, or ColdFusion,
> etc. The cracker can focus immediately on vulnerabilities of PHP.
>
> So, is there something to be gained by masking our server setup by changing
> our filename extension?
>
> TIA
>
> Kirk

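Added example, not part of the thread and not code from any poster: a small offline audit showing why renaming .php to .htm changes little while the response itself still identifies PHP. The function names and both sample responses are constructed for illustration; the cookie check (PHP's default `session.name` of `PHPSESSID`) goes beyond the settings named in the replies.

```python
import re

# Constructed sample responses (not captured from any real server).
LEAKY = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/1.3.19 (Unix) PHP/4.0.4pl1\r\n"
    "X-Powered-By: PHP/4.0.4pl1\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef; path=/\r\n"
    "Content-Type: text/html\r\n\r\n"
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: sid=0123456789abcdef; path=/\r\n"
    "Content-Type: text/html\r\n\r\n"
)


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(url_path, raw):
    """List what a request/response pair reveals about PHP being in use."""
    findings = []
    if re.search(r"\.(php\d?|phtml)(?:$|[/?])", url_path, re.I):
        findings.append("extension: URL path ends in a PHP extension")
    for name, value in parse_headers(raw):
        if name == "x-powered-by" and "php" in value.lower():
            # Header emitted when expose_php is On.
            findings.append("expose_php: X-Powered-By reveals " + value)
        elif name == "server" and re.search(r"[/(]", value):
            # Version numbers or module names in the banner.
            findings.append("server banner: details in " + value)
        elif name == "set-cookie" and value.lower().startswith("phpsessid="):
            findings.append("session.name: default PHPSESSID cookie name")
    return findings


if __name__ == "__main__":
    for label, path, raw in (("renamed only", "/index.htm", LEAKY),
                             ("headers fixed", "/index.php", HARDENED)):
        print(label, audit(path, raw))
```

Run against the two samples, the renamed-but-unhardened response still yields three findings, while the hardened response with a .php path yields only the extension finding.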
[PHP] Your Opinion?! PHP4 coding style - Comment and Splitting source code
Hello all.

I'm running PHP4 as an Apache module under Linux. I would like to know good script coding style.

Should I avoid writing long comments in code or not? With Zend Cache, comments should not matter. How about w/o Zend Cache? If I want to write long comments, should I get Zend Cache? Or can I ignore the overheads? For example, 50KB of comments for 25KB of code - total 75KB script size. (Not considering disk access/load overhead. I would like to know PHP4's overheads.)

Should I split source code so that PHP4 can parse/compile as little code as possible or not? What is the best coding style you suggest? For example, a 200KB script containing all code vs. split into several source files and loading 100KB on average when it is executed.

What is your opinion?

Thanks in advance.

--
Yasuo Ohgaki