Posted by shimmyshack on 10/24/07 23:23
On Oct 24, 10:42 pm, Daniel <d_pinea...@hotmail.com> wrote:
 > is there a way to detect if a user tries to access a php file?
 >
 > For instance, db.config.php is called in many php pages but should
 > never actually be open directly.  Is there a way to know if someone
 > tried to open it directly?
 >
 > Also, I want to learn more about securing php/MySQL pages. Any good
 > resources I should start with?
 >
 > Thank you,
 >
 > Daniel
 
 
 Google for "web application security consortium".
 Yes, follow dikkie's advice: use MySQL users and permissions, so the
 app only has the rights to tables and databases that it needs. These
 questions have been answered many times in this forum over the years,
 but it is a vast subject which is all about following standards and
 best practice when coding, and understanding how to abuse your
 code. If you accept user input, do you check that it is what it should
 be before using it? Do you update your software? Do you get lazy and
 think - oh that will work, I'll do the security later? Are your
 deadlines imposing? Do you have someone to check over your code once
 it's written to see bugs?
 Unfortunately there will always be bugs and vulnerabilities in one's
 code. It's inevitable, somewhere between death and taxes, so what can
 go wrong when they gain access?
 And finally, you aren't that big a target. I've personally never been
 pickpocketed, I keep a fairly close eye on my stuff when I'm in the
 capital (and so think I'm pretty safe), but if I'm targeted I'm sure
 I'll be easy pickings - they are professionals after all. Just don't be
 the low hanging fruit with the half open handbag you sling behind you
 as you walk the crowded streets.
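One way to detect a direct request for db.config.php, as asked in the quoted question. This is an added example, not part of either post and not the advice the reply refers to. The log message format, the 404 response, and the variable names and values at the bottom are assumptions.

```php
<?php
// db.config.php (added example; names and values below are constructed)

// When this file is pulled in with include/require, SCRIPT_FILENAME is the
// page the browser asked for, not this file. If both resolve to the same
// path, someone requested db.config.php itself.
$requested = isset($_SERVER['SCRIPT_FILENAME'])
    ? realpath($_SERVER['SCRIPT_FILENAME'])
    : false;

if ($requested !== false && $requested === realpath(__FILE__)) {
    $ip  = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    // The URI is attacker-controlled: strip control characters so a request
    // cannot forge extra lines in the log.
    $uri = preg_replace('/[\x00-\x1F\x7F]/', '', $uri);

    // Goes to the PHP/web server error log, where it can be reviewed or alerted on.
    error_log(sprintf(
        'direct access attempt: file=%s ip=%s uri=%s',
        basename(__FILE__), $ip, $uri
    ));

    // Answer as if the file did not exist and stop before any settings load.
    header('HTTP/1.1 404 Not Found');
    exit;
}

// Normal include path. Placeholder settings; the account should be a MySQL
// user limited to the tables this application needs, not root.
$db_host = 'localhost';
$db_name = 'example_app';           // constructed
$db_user = 'example_app_user';      // constructed
$db_pass = 'change-me';             // constructed
```

Keeping the file outside the web server's document root removes the direct request path altogether; the guard above then only matters if the file is ever moved back.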