Topic awaiting preservation: Can people read your php code? $Pages that link to <a href="https://ozoneasylum.com/backlink?for=26485" title="Pages that link to Topic awaiting preservation: Can people read your php code?" rel="nofollow" >Topic awaiting preservation: Can people read your php code?\$

Author	Thread
H][RO Bipolar (III) Inmate From: Australia Insane since: Oct 2002	posted 08-20-2005 02:13 I should probably test this but someone might know already! Is it possible for someone from domainB.com to read the contents of your php file (i.e the code) from domainB.com. i.e just read it like a normal text file and hence be able to create the same php file on their server? Just wondering if this is possible, theoretically i thought it would because you have permission to access the php file (run it) . I'm assuming that the php will get processed when you call it to read it though, so you will only be downloading the result of the php file. Is this correct? Cheers.
reisio Paranoid (IV) Inmate From: Florida Insane since: Mar 2005	posted 08-20-2005 02:52 Nothing online is secret.
H][RO Bipolar (III) Inmate From: Australia Insane since: Oct 2002	posted 08-20-2005 04:56 Not true, but does anyone know the answer to the above? Resisio: there are compilers which pre-compile your php code into binary form, so they work like normal php files - im pretture sure you cant reverse the binary code.... that was going to be my second question.
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 08-20-2005 10:02 If your webserver is configured correctly, it will indeed not deliver unprocessed php files - so all anyone get's to see is the output of your script.
H][RO Bipolar (III) Inmate From: Australia Insane since: Oct 2002	posted 08-20-2005 12:37 Cheers TP, thought so. Any idea if its possible to reverse code that has been compiled into binary?? Im guessing not. Normally I dont bother, im not a code nazi or anything - just one thing I have to do for something coming up that is a lot of work. Found some programs that precompile your php code to binary, and it works nicely.
WarMage Maniac (V) Mad Scientist From: Rochester, New York, USA Insane since: May 2000	posted 08-20-2005 18:06 If the webserver is configured correctly like TP said they will not be able to access your PHP file's code when they browse to your site via http (e.g. the normal web surfer). If someone is in the server, and they have permissions higher than yours they can read your files through the actual server. If you have your files configured for universal read then anyone who accesses the webserver will be able to read these files. You need to make sure your permissions are correct to protect the files, and you need to make sure that your webserver is configured to process the files when any HTTP request is made to then. A weakness would be calling a php file something like file.inc and including it into a .php file. They could browse to the file.inc and see the contents, unless you setup the server to also process .inc files. Dan @ Code Town
H][RO Bipolar (III) Inmate From: Australia Insane since: Oct 2002	posted 08-21-2005 02:54 Yeh, i like having .inc extensions and that sort of stuff, but i always do say myfile.inc.php, read about that somewhere! I think my server would be setup properly, the only way to tell would be for me to test it i guess! Thanks for the info all.
Skaarjj Maniac (V) Mad Scientist From: :morF Insane since: May 2000	posted 08-21-2005 04:04 The server works off the final extension (and the MIME type, I think, not entirely sure), so You could call the file myfile.inc.blah.foo.bar.quux.php and it would still process it as a PHP file, since the final etension is .php. I believe most Apache HTTPD servers are set up to process as PHP (by default) .php .php3 .php4 and .phtml... and they're setup to output as coloured syntax .phps Justice 4 Pat Richard

Topic awaiting preservation: Can people read your php code?\$

Author

Thread

H][RO
Bipolar (III) Inmate

From: Australia
Insane since: Oct 2002

posted 08-20-2005 02:13

I should probably test this but someone might know already! Is it possible for someone from domainB.com to read the contents of your php file (i.e the code) from domainB.com.

i.e just read it like a normal text file and hence be able to create the same php file on their server? Just wondering if this is possible, theoretically i thought it would because you have permission to access the php file (run it) .

I'm assuming that the php will get processed when you call it to read it though, so you will only be downloading the result of the php file. Is this correct?

Cheers.

reisio
Paranoid (IV) Inmate

From: Florida
Insane since: Mar 2005

posted 08-20-2005 02:52

Nothing online is secret.

H][RO
Bipolar (III) Inmate

From: Australia
Insane since: Oct 2002

posted 08-20-2005 04:56

Not true, but does anyone know the answer to the above?

Resisio: there are compilers which pre-compile your php code into binary form, so they work like normal php files - im pretture sure you cant reverse the binary code.... that was going to be my second question.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 08-20-2005 10:02

If your webserver is configured correctly, it will indeed not deliver unprocessed php files - so all anyone get's to see is the output of your script.

H][RO
Bipolar (III) Inmate

From: Australia
Insane since: Oct 2002

posted 08-20-2005 12:37

Cheers TP, thought so. Any idea if its possible to reverse code that has been compiled into binary?? Im guessing not.

Normally I dont bother, im not a code nazi or anything - just one thing I have to do for something coming up that is a lot of work. Found some programs that precompile your php code to binary, and it works nicely.

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 08-20-2005 18:06

If the webserver is configured correctly like TP said they will not be able to access your PHP file's code when they browse to your site via http (e.g. the normal web surfer).

If someone is in the server, and they have permissions higher than yours they can read your files through the actual server. If you have your files configured for universal read then anyone who accesses the webserver will be able to read these files. You need to make sure your permissions are correct to protect the files, and you need to make sure that your webserver is configured to process the files when any HTTP request is made to then.

A weakness would be calling a php file something like file.inc and including it into a .php file. They could browse to the file.inc and see the contents, unless you setup the server to also process .inc files.

Dan @ Code Town

H][RO
Bipolar (III) Inmate

From: Australia
Insane since: Oct 2002

posted 08-21-2005 02:54

Yeh, i like having .inc extensions and that sort of stuff, but i always do say myfile.inc.php, read about that somewhere! I *think* my server would be setup properly, the only way to tell would be for me to test it i guess!

Thanks for the info all.

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted 08-21-2005 04:04

The server works off the final extension (and the MIME type, I think, not entirely sure), so You could call the file myfile.inc.blah.foo.bar.quux.php and it would still process it as a PHP file, since the final etension is .php. I believe most Apache HTTPD servers are set up to process as PHP (by default) .php .php3 .php4 and .phtml... and they're setup to output as coloured syntax .phps

Justice 4 Pat Richard