|
|
Posted by Phil Coen on 07/13/05 04:55
Thanks Gordon
>
> If it is accessable from the Internet, which it probably is if it
> has a public IP, security IS an issue. Even if it's only on a
> dialup line. Please don't run yet another infected zombie that can
> be instructed to attack other systems.
I hate zombies too.
No. The Debian/Apache server is only on my home network and is not set up
to see the Internet. I would actually be putting any real code on the
school admin server and it uses MS IIS which I don't know anything about
and don't want to know anything about. Especially since we have to
maintain a suicide watch over the poor folks whose job it is to maintain
it. I wish I could convince the powers that be to plop in a Linux server.
>
> If PHP is set up properly, Apache will *NOT* serve the text of a
> PHP page, it will serve the OUTPUT of that page. Test it yourself
> with a browser or telnet directly to port 80 of your Apache server.
>
>
> No, anybody CANNOT download the php script, assuming that Apache
> recognizes it as a script to be run with PHP.
You are right. I can see the HTML stuff in my modules, but so far haven't
been able to download or see the php script as an ordinary user. So I was
under the wrong impression about that. Good. Well, I just started PHP a
week ago and am still in the thrashing around mode - barely beyond the
"Hello World" point.
I have written quite a few web pages over the years, all hobby type, and
never worried about security because I WANTED everyone to be able to see
everything. It was the hosters problem to keep people from trashing it or
whatever. But now as I begin to think about sites that are ONLY for
authorised users, all kinds of problems arise. Like realising that with
all the HTML sites that I have made before which were nothing but multiple
pages linked to each other, anybody could "deep link" to any one of them
without going through the index.html even it it had a login.
All of my PHP books are just for learning the language. Very little about
actual security in them. I am going to have to pick up a book that
discusses the layout of a real web server.
Thanks again
Phil
Navigation:
[Reply to this message]
|