|
|
Posted by Hans van Kranenburg on 10/03/24 11:18
Tomi Holger Engdahl wrote:
> "NC" <nc@iname.com> writes:
>
>
>> el_roachmeister@yahoo.com wrote:
>>
>>> I am an ASP, selling hosted software and am concerned that
>>> someone will steal my source code and resell it?
>>
>> Unless they have access to your PHP files via FTP or Telnet, this
>> is a near-impossibility. There's always a chance that one of your
>> files allows a code injection, but those are rare in well thought
>> out applications.
>
> You are true.
>
> One thing besides FTP and Telnet whaich can give sometimes access to
> the PHP source code.
>
> It is possible to have such HTTP server misconfiguration that PHP
> files are not run thourhg PHP parser, but are sent to the user as
> they are. There is a small risk that this kind of thign happens when
> you make major changes to your server configuration or you upgade
> server to newer version that needs somewhat different configuration.
>
> I have seen it happen that user gets the source code instead the PHP
> output..
That's why you should put all php files with interesting content outside
the docroot, and why hosting providers should give the possibility for
doing so.
Hans
--
"He who asks a question is a fool for five minutes;
he who does not ask a question remains a fool forever"
Navigation:
[Reply to this message]
|