Posted by shimmyshack on 10/24/07 23:23
On Oct 24, 10:42 pm, Daniel <d_pinea...@hotmail.com> wrote:
> Is there a way to detect if a user tries to access a php file?
>
> For instance, db.config.php is called in many php pages but should
> never actually be open directly. Is there a way to know if someone
> tried to open it directly?
>
> Also, I want to learn more about securing php/MySQL pages. Any good
> resources I should start with?
>
> Thank you,
>
> Daniel
Google for "web application security consortium".
Yes, follow dikkie's advice: use MySQL users and permissions, so the
app only has the rights to tables and databases that it needs. These
questions have been answered many times in this forum over the years,
but it is a vast subject which is all about following standards and
best practice when coding, and understanding how to abuse your
code. If you accept user input, do you check that it is what it should
be before using it? Do you update your software? Do you get lazy and
think - oh that will work, I'll do the security later? Are your
deadlines imposing? Do you have someone to check over your code once
it's written to see bugs?
Unfortunately there will always be bugs and vulnerabilities in one's
code. It's inevitable somewhere between death and taxes, so what can
go wrong when they gain access?
And finally, you aren't that big a target. I've personally never been
pickpocketed. I keep a fairly close eye on my stuff when I'm in the
capital (and so think I'm pretty safe), but if I'm targeted I'm sure
I'll be easy pickings - they are professionals after all. Just don't be
the low hanging fruit with the half open handbag you sling behind you
as you walk the crowded streets.
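One way to apply the MySQL users-and-permissions advice from the reply above, as an added example that is not part of the original post. The `shop` database, its tables and the `shop_web` / `shop_migrate` accounts are hypothetical names constructed for illustration.

```sql
-- Constructed example: every database, table and account name here is hypothetical.
CREATE DATABASE IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.products  (id INT PRIMARY KEY, name VARCHAR(100), price DECIMAL(8,2));
CREATE TABLE IF NOT EXISTS shop.orders    (id INT PRIMARY KEY, customer_id INT, product_id INT);
CREATE TABLE IF NOT EXISTS shop.customers (id INT PRIMARY KEY, email VARCHAR(255), address TEXT, is_admin TINYINT);

-- Weak setting, shown for contrast only (left commented out). With this grant,
-- one flaw in the app or a leaked db.config.php exposes every database on the server:
-- GRANT ALL PRIVILEGES ON *.* TO 'shop_web'@'localhost' WITH GRANT OPTION;

-- Corrected: the account the PHP pages use may connect only from the web host
-- (localhost here) and holds only the rights the pages actually exercise.
CREATE USER 'shop_web'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- Catalogue is read-only for the web app.
GRANT SELECT ON shop.products TO 'shop_web'@'localhost';

-- Orders can be created and read, never rewritten or deleted.
GRANT SELECT, INSERT ON shop.orders TO 'shop_web'@'localhost';

-- Customers: column-level UPDATE, so the app cannot flip is_admin.
GRANT SELECT, INSERT ON shop.customers TO 'shop_web'@'localhost';
GRANT UPDATE (email, address) ON shop.customers TO 'shop_web'@'localhost';

-- Schema changes go through a separate account whose credentials are
-- never stored in a file the web server can read.
CREATE USER 'shop_migrate'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';
GRANT CREATE, ALTER, DROP, INDEX ON shop.* TO 'shop_migrate'@'localhost';

-- Check 1: confirm what the web account really holds.
SHOW GRANTS FOR 'shop_web'@'localhost';

-- Check 2: list every account holding a global (*.*) privilege; application
-- accounts should not appear in this result.
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type <> 'USAGE'
ORDER BY grantee, privilege_type;
```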