How secure ARE PHP pages?

liunx

Guest
Hi. Two questions:

1) If I create a PHP page with PHP code in it, is it true that nobody can EVER see your PHP code?

2) How do I know that the PHP scripts I write are secure and cannot easily be hacked?

Anyone that has FTP access to your server, probably only you, can see your scripts.
As long as the server you run your scripts on has a reliable admin and doesn't get hacked, your scripts are as secure as anything else on the web. There are ways to make your scripts more secure. Using post instead of get comes to mind. If you search Google (http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=php+security&btnG=Google+Search) you'll find many resources.
I hope this helps.
Peace,
Ed :)

You don't need to gain access to the FTP, I believe you can download it using a download manager or make a link, right click and save as. The best way to protect confidential stuff is to make a folder with htaccess and put it in there, then include it in your php script.

True, password protecting will allow only certain individuals to access the page. But the PHP code will never be able to be seen/edited (unless you want it to be) without FTP access.
I may have misunderstood the question.
:rolleyes:

The nice thing about php pages is that if anyone types in the url to the php page then their browser will only receive the HTML code that is created from the php page when it is called...

Also, if you create a hyperlink to that page like

<a href="http://www.blahblah/blahblah/blahsomemore/ascript.php">Right-Click on this link and save target as</a>

and then right-click and save target as then it will still only return the HTML information. In fact, the browser will default to saving it as ".htm"

The reason why is because the designers of PHP designed it to return all HTML tags and HTML code within the file as it is interpreted by the PHP compiler ( when you call the page in a browser )...

They also designed it to run PHP on anything within <? and ?> tags within the file ( course you can use <?php and <% as well) and anything that is "print"'d, "echo"'d, or parsed in HTML format by the PHP compiler's functions will be returned as HTML code. However, it will NOT send down any code that was written in PHP...

Nifty, huh? :D

Originally posted by Dudex
You don't need to gain access to the FTP, I believe you can Download it using a Download manager or make a link, right click and save as.
and no you can't use a Download manager to get php files.

O, interesting. Sorry for the incorrect info :D.

There's a program (very illegal of course) called PHPsniffer that uses a Winhook control (kind of like that program that steals passwords). The catch is that you must be using the computer that it was originally created on.

That made no sense. If you were on the computer it was made on then you wouldn't need the program, you could just use the ftp program and get it. Besides, what is a winhook? Did you mean winsock? And if so that is still going to parse the php and you won't get it.

also any phpsniffer I know just gets the browser and OS from the client.

pm me if you know a url to get this and I will prove you wrong. :)
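
The posts above describe the normal case, where the server runs the script and sends only its output. As an added example (not from any poster in this thread), the Python check below flags responses from your own site where that did not happen, for instance because the PHP handler is not enabled or `<?` short tags are switched off. The function name, the content-type list and the sample responses are constructed for illustration.

```python
import re

# Content types commonly seen when a .php file is handed over as-is instead of
# being executed (assumed list, adjust for your server).
RAW_PHP_TYPES = {"application/x-httpd-php", "application/x-httpd-php-source",
                 "application/x-php", "text/x-php"}

# Opening tags named in the thread: <?php, <? and <% (plus <?=).
# A bare "<?" only counts when whitespace follows, so an "<?xml" prolog is ignored.
PHP_OPEN_TAG = re.compile(r"<\?php\b|<\?=|<\?(?=\s)|<%(?=[\s=])", re.IGNORECASE)


def find_php_leaks(headers, body):
    """Return a list of findings for one HTTP response (empty list = clean)."""
    findings = []
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            ctype = value.split(";")[0].strip().lower()
    if ctype in RAW_PHP_TYPES:
        findings.append(f"content-type {ctype}: script served without being executed")
    for lineno, line in enumerate(body.splitlines(), start=1):
        match = PHP_OPEN_TAG.search(line)
        if match:
            findings.append(f"line {lineno}: unprocessed tag {match.group(0)!r}")
    return findings


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "interpreted": ({"Content-Type": "text/html; charset=UTF-8"},
                    "<html><body>\n<p>Total: 3</p>\n</body></html>"),
    "handler_missing": ({"Content-Type": "application/x-httpd-php"},
                        "<?php\n$total = 3;\necho \"<p>Total: $total</p>\";\n?>"),
    "short_tags_off": ({"content-type": "text/html"},
                       "<html><body>\n<p>Total: <? echo $total; ?></p>\n</body></html>"),
    "xhtml_prolog": ({"Content-Type": "application/xhtml+xml"},
                     "<?xml version=\"1.0\"?>\n<html><body>ok</body></html>"),
}

if __name__ == "__main__":
    for label, (headers, body) in SAMPLES.items():
        print(label, "->", find_php_leaks(headers, body) or "clean")
```

Feed it the headers and body of pages fetched from your own server after a configuration change; any finding means visitors are receiving source instead of output.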
 