about php security

Anon

I'm new to php so I want to ask is this script secure and can anybody grab the source and look at my password ???

example:

<?php

$pw = "password";

if ($pass == $pw) {print "Good";}
else {print "Bad";}

shmert

One big problem with setting the password variable directly in a file like this is, if php is ever not parsing files correctly (like if someone is mucking about with apache config), anyone who goes to your php page will see the source code, and the password therein. Best to keep sensitive data outside webroot, and include the files.

cordex

Not from merely viewing the output of this script.

But, that doesn't mean your form post can't be intercepted ...

-Ben