[RESOLVED] can someone view the php code?

petergi

hi.i have a site index.php.can someone view the php code writen in it with a type of hack or something?or he xan spend all his life and in the end wont do it?it is a matter of security.there isnt anyone that can do it?

bradgrafelman

It's possible, under the right conditions. For example, if your webserver were to be misconfigured or if you had other scripts on the server that had security vulnerabilities due to sloppy coding. If you were on a shared host, you'd also have to worry about other users on the same server compromising the security and gaining access to your files.

In other words, it's not likely, but it isn't impossible. If you had something that you wanted to take steps to ensure that it can't be viewed easily, you'd have to look into something like Zen Guard to protect your scripts.

dagon

any one that has root access to the server, any one that guess\hack your password(s). There are plenty of articles on best practice security, you can find with google.

halojoy

No, normally nobody can view the code.
Think of this .. there are at many sites: config.php
with username + password to database, often MySQL.
If it was not very safe, then we would not put user+pass in such a file.

But there is one case, when by accident it could be possible.
It is if the Web Server start serving .php files as text-files.
In a web server .php is configured to be executed by php.exe
and interpretated as PHP Code.
If by accident this server config (httpd.conf for Apache) was changed
and so .php was displayed, then we should be able to
read config.php with all the goodies!

Good thing is, that this happens almost never.
But there is a very small chance.
So small it doesnt bother many people.
I am not bothered.
🙂

petergi

look i dont know much about php but i got i simple code and dont want someone else to be able to view it.i purchaced a hosting plan in blue host and thats all.so i dont have to worry about it a lot huh?

dagon

its unlikely you will have any issues, just make sure the passwords you set are sensible.