Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

PHP Files Security in webserver

I done a a project in PHP and MySQL.

I would like to upload that into the webserver. but how to secure those files to direct download or see the source code of those php files.

how to secure my php files?
0
vinspire
Asked:
vinspire
  • 2
  • 2
1 Solution
 
nicholassolutionsCommented:
PHP is a server-side language, which means that it is parsed by the server, and only the output of the script is sent to the browser, so it is impossible for people to see the source. For a bunch of good security tips, take a look at this article:

http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/

0
 
jdpipeCommented:
You need to make sure that Apache runs the .php before outputting the result. If you don't have php set up properly on the server, then Apache will show the contents of the .php files, rather than running them.

If you have .php files which contain passwords etc, it's advisable to make them 'include' which php accesses indirectly, then prevent Apache for ever serving them, by adding a .htaccess file and denying access to those files over HTTP.

Hope that helps
JP
0
 
nicholassolutionsCommented:
Good point about the passwords -- one other option is to put the passwords in includes outside of your web directory alltogether, which doesn't involve setting up an .htaccess file
0
 
jdpipeCommented:
Yes, the latter is preferable but not always an option given by ISPs
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now