Reply to Web Site Security Hole

Your name:

Reply:


Posted by Don on 04/07/05 16:55

Hi,

I'm developing a small web site that does a bit of e-commerce (that is,
it creates security keys and such). I've been very careful to keep all
constants used in calculations in a local directory above docroot, but
all of my main .php pages are in (or under) docroot (my host won't allow
..php scripts to operate in /cgi-bin).

I was feeling pretty secure until a friend reminded me you can download
complete sites by importing them with such tools as FrontPage and
Dreamweaver. That way, the "protection" provided by the PHP server is
non-existant.

Someone doing an import would be able to see the specific methodology
I'm using for calculations and security, even though they wouldn't have
access to MySQL passwords and constants. But the "security" that
provides suddenly doesn't seem like much security at all!

Can I manage this situation by setting directory and/or file permissions
in docroot? Or is there some other solution?

Thanks in advance.

-Don

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация