Can someone view the code inside a PHP file on your server?

[gwlam12]

I just want to know if it's possible for someone to get the contents of your PHP file off a website.

 

[imported_LoKe]

No. Not at all.

 

[gwlam12]

Okay, cuz the way my user authentication works is that it compares what the user entered to hard-coded strings inside a php file. That's the limit to what my skills allow me to do right now so that's the way I'm doing it. =P


BTW, the link in your sig isn't working.

 

[imported_LoKe]

I'm aware of that, I posted it before I was banned and since the thread has been deleted. I'll re-make it once I've got some funds in my paypal account.

But yeah, PHP is incredibly secure, otherwise we'd have people in our databases and stealing our accounts left and right.

 

[oog]

Originally posted by: LoKe
No. Not at all.

Assuming that the web server is properly secured, that is.

 

[imported_LoKe]

Well, that's a given. But seeing as how his question was directly concerning PHP, I'd say that's not what he was asking.

 

[oog]

Well I've seen some software written in PHP that allows file uploads and would even allow the upload of additional PHP files. That would be a security hole caused by PHP that would allow others to possible read the code.

 

[imported_LoKe]

Originally posted by: oog
Well I've seen some software written in PHP that allows file uploads and would even allow the upload of additional PHP files. That would be a security hole caused by PHP that would allow others to possible read the code.

There are also some security flaws when it comes to using old perl scripts to break PHP.

 

[fs5]

php is is utterly secure and stable (which is why they release a new version every 3 weeks!!!! )

 

[Hersh]

Depending on how the server is setup, if it is a shared hosting environment and someone on that server has shell access, they will be able to view any file within the server if the shell access is not properly secured (ie. full /bin/bash access and not jailed shell). In this case, they'll be able to view files but won't be able to edit it.

PHP is kept up-to-date fairly quickly... if a flaw is found within the PHP binary, the PHP group gets on top of it quickly and releases fixes. In most cases though, whenever there is an exploit with a php script, it's not the php processor but a poorly coded php script (ie. phpNuke modules have some serious exploits or at least they used to which allowed spammers to spam through vulnerabilities, phpBB had some serious issues with a worm last year, etc).