I have a pretty quick question regarding PHP code

if script is hidden from client's browser

and php code are rendered back as HTML to the user

is there a way ever that someone can view your code using say a browser plugin?

or getting your source file and the running that from your localhost?

i dont know if this is possible.

just being curious.

if its not, then whats the use of hiding the config file such as db username and pw from the root directory of your web server?

thanks in advance!

Recommended Answers

All 3 Replies


It really depends on how secure your Apache and PHP installations are configured. There are many options to make PHP more secure and suggested practices for making a site secure. It is possible to lock the system down so that they cannot be read but it is not always configured properly.

If your writing in php, no one can see your php coding. Only the sever administrator and the ftp access user, eg you, can see your php coding. The only part of the source code they could get is the html output that you have either echoed, printed or hard coded in. Your php is safe

Member Avatar

Ensure that any sensitive files are kept above the doc root.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.