PHP Files Security in webserver

Posted on 2004-11-09
Last Modified: 2006-11-17
I done a a project in PHP and MySQL.

I would like to upload that into the webserver. but how to secure those files to direct download or see the source code of those php files.

how to secure my php files?
Question by:vinspire
    LVL 15

    Accepted Solution

    PHP is a server-side language, which means that it is parsed by the server, and only the output of the script is sent to the browser, so it is impossible for people to see the source. For a bunch of good security tips, take a look at this article:

    LVL 7

    Expert Comment

    You need to make sure that Apache runs the .php before outputting the result. If you don't have php set up properly on the server, then Apache will show the contents of the .php files, rather than running them.

    If you have .php files which contain passwords etc, it's advisable to make them 'include' which php accesses indirectly, then prevent Apache for ever serving them, by adding a .htaccess file and denying access to those files over HTTP.

    Hope that helps
    LVL 15

    Expert Comment

    Good point about the passwords -- one other option is to put the passwords in includes outside of your web directory alltogether, which doesn't involve setting up an .htaccess file
    LVL 7

    Expert Comment

    Yes, the latter is preferable but not always an option given by ISPs

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Introduction Many web sites contain image galleries; a common design for these galleries includes a page with a collection of thumbnail images.  You can click on each of the thumbnail images to see the larger version of the image.  This is easily i…
    Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now