How secure are PHP codes/scripts when they are deployed on a server (or when they go online)? If I put constants and/or passwords in my PHP code, will they be visible and be 'sitting duck' targets for hackers?
sim_pack
Recommended Answers
Your script can be as secure or insecure as you want.
Generally, the end user would not see constants or any of the actual code as this is executed on the server. All the end user should see is the output of any functions in your script.
If …
Even better yet, use JavaScript to encrypt the passwords before sending them over $_POST. This way, if the POST data is hacked, the data is still encrypted. This sort of hack attack can happen when a hacker attaches a device to a fibre-optic cable to scan data running past. Also …
Here is the example of secure password transfer and storage:
<head><title>Secure Post Transfer</title>
<script>
function sendpost() {
  var data=document.getElementById("data").value;
  data=data.replace(/--|-\+\+\+2\+/,"---|-+++2+").replace(/--|-\+\+\+8\+/,"---|-+++8+").replace(/\+\+|-\+--8-/,"++|-+--8-");
  data=data.replace(/([0-9]+)/g,"--|-+++2+$1--|-+++8+").replace(/([0-9])/g,"--|-+++8+$1--|-+++2+");
  data=data.replace(/([a-z])/g,"++|-+--8-$1++|-+--8-");
  document.getElementById("data").value=data;
  document.dform.submit();
  return true;
}
</script></head>
<body>
<form name="dform" method="POST">
<textarea name="data" id="data" style="width:400px; height:150px;">Add some random text in here aza</textarea>
<input onclick="javascript:sendpost();" value="Search" type="button">
</form>
<? function truehash($hash) …
I'm sorry, but that's just plain false. It is possible to access other folders on a server (even below/above the root directory if they aren't protected properly). I've done it before, and I've just double-checked that it can be done on our servers. You need to filter request headers for …
I think PHP includes are better as include.inc.php than include.php.inc.
I can read .inc files over HTTP, and files above the root on insecure servers: http://www.blabla.com/../../thisfileisnotsecure.inc
I can't read .php files, only their output; if an include has no output (just constants or sql_connect), I can't read …
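The defensive counterpart to the .inc discussion above, as an added example that is not code from this thread or any of its posters: secrets live in a file outside the document root, the loader refuses to read them from a web-served or world-readable location, and a guard constant makes an include file inert if it is ever requested directly (renaming to .inc.php stops the raw source being served, but the file still executes on a direct request). It assumes PHP 8+, Apache with document root /var/www/html and a config file at /var/www/private/config.php; all paths and names are constructed for the example.

```php
<?php
declare(strict_types=1);

// Only the real entry point (index.php) defines this. An include file requested
// directly over HTTP never sees it and exits before any code runs (see bottom).
define('APP_ENTRY', true);

/**
 * Load a config file kept outside DOCUMENT_ROOT. The file returns an array, e.g.
 *   <?php return ['dsn' => 'mysql:host=localhost;dbname=app', 'db_pass' => '...'];
 * Returning values instead of define()ing globals keeps the secrets scoped.
 */
function loadPrivateConfig(string $path): array
{
    $docRoot = realpath($_SERVER['DOCUMENT_ROOT'] ?? '') ?: '';
    $real = realpath($path);
    if ($real === false) {
        throw new RuntimeException('config file missing: ' . $path);
    }
    // Refuse to load secrets from a web-served location, even if someone moves the file.
    if ($docRoot !== '' && str_starts_with($real, $docRoot . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('config must live outside the document root');
    }
    // Refuse a file readable by "other" (e.g. left at 0644 by an editor); want 0640.
    if ((fileperms($real) & 0007) !== 0) {
        throw new RuntimeException('config is world-readable; chmod 640 it');
    }
    $cfg = require $real;
    if (!is_array($cfg)) {
        throw new RuntimeException('config did not return an array');
    }
    return $cfg;
}

// --- contents of a guarded include, e.g. lib/db.inc.php (shown inline) ---
// if (!defined('APP_ENTRY')) { http_response_code(404); exit; }   // direct hit: blank 404
// $cfg = loadPrivateConfig('/var/www/private/config.php');
// $pdo = new PDO($cfg['dsn'], $cfg['db_user'], $cfg['db_pass']);

// --- Apache side, so plain .inc files are never served as text (.htaccess / vhost) ---
// <FilesMatch "\.inc$">
//     Require all denied
// </FilesMatch>
```

If the web server ever loses its PHP handler (a misconfiguration the thread's .inc example hints at), the guard does not help, which is why the secrets themselves stay outside the document root.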
All 30 Replies
darkagn
commented:
Good points
+6
darkagn
commented:
Excellent advice on all points given :)
+6