Topic awaiting preservation: Security |
|
---|---|
Author | Thread |
Paranoid (IV) Inmate From: Rouen, France |
posted 08-02-2003 16:43
Ok, I'm back from my hollidays. The break was nice, thanks, but now I'm back on the rails |
Maniac (V) Mad Scientist with Finglongers From: Cell 53, East Wing |
posted 08-02-2003 16:52
MS: For starters see: |
Paranoid (IV) Mad Scientist with Finglongers From: Germany |
posted 08-02-2003 17:52
if your files are called .php, the websever should not deliver them without processing the code within... which should prevent any one from viewing your username and password. |
Maniac (V) Mad Scientist From: :morF |
posted 08-03-2003 06:15
Yeah...they shouldn't be able to see any of your includes...once the page is parsed, every piece of PHP code is removed from it and replaced with the HTML that will do the final output of the script. |
Paranoid (IV) Inmate From: Rouen, France |
posted 08-03-2003 14:24
Hmm ok after reading those papers I learnt more about PHP attacks, and now after reconsidering my post I must say I wasn't indeed very clear. |
Paranoid (IV) Mad Scientist with Finglongers From: Germany |
posted 08-03-2003 18:36
a) would you care to name the 'appropriate software'? If he had ftp access to your site, all had been lost already. Apart from that, I've got no clue what you're talking about. |
Paranoid (IV) Inmate From: Rouen, France |
posted 08-03-2003 20:45
I was talking of softwares used to download entire websites (there are plenty of them) which allow to see the source code, such as MemoWeb. |