Php Function Security

Hi All

I have an issue with a PHP / MySQL driven website I'm developing. I have
about 95% of the website being driven by functions I have developed in a
"publicFunctions.inc" file that I keep in an includes directory in the
site's directory. This file contains the function I use to connect to my
MySQL server. The problem I have now discovered is that if someone were to
point directly at my functions.inc file, it is printed in its entirety to
the screen ... not very secure.

How can I lock this down? (The server it is being hosted on is Linux based.)

Any help would be appreciated.
Jul 17 '05 #1
["Followup-To:" header set to comp.lang.php.]
Binskin wrote:
I have an issue with a PHP / MySQL driven website I'm developing. I have
about 95% of the website being driven by functions I have developed in a
"publicFunctions.inc" file that I keep in an includes directory in the
site's directory. This file contains the function I use to connect to my
MySQL server. The problem I have now discovered is that if someone were to
point directly at my functions.inc file, it is printed in its entirety to
the screen ... not very secure.

How can I lock this down? (The server it is being hosted on is Linux based.)


Rename it "publicFunctions.inc.php"; change all references to the new
name. Done!
or move it outside the web server root (and change references)
or have your host change Apache's config to parse .inc files
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--
Jul 17 '05 #2
You could create a .htaccess file in that folder containing the following:

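# "~" makes the argument a regular expression, so match the extension with \.inc$
# On Apache 2.4 and later, "Require all denied" replaces the Order/Deny/Satisfy lines.
<Files ~ "\.inc$">
Order allow,deny
Deny from all
Satisfy All
</Files>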

This will prevent Apache from allowing any file with a .inc extension to be
requested from a browser.

Tony Marston
http://www.tonymarston.net/
"Binskin" <bi*****@excite.com> wrote in message
news:8c****************@news-server.bigpond.net.au...
Hi All

I have an issue with a PHP / MySQL driven website I'm developing. I have
about 95% of the website being driven by functions I have developed in a
"publicFunctions.inc" file that I keep in an includes directory in the
site's directory. This file contains the function I use to connect to my
MySQL server. The problem I have now discovered is that if someone were to
point directly at my functions.inc file, it is printed in its entirety to
the screen ... not very secure.

How can I lock this down? (The server it is being hosted on is Linux based.)
Any help would be appreciated.

Jul 17 '05 #3
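
A filesystem check for the exposure discussed in this thread, added here as an example (it is not code from any of the posters): it walks a document root and reports files that contain a PHP open tag but lack an extension the server hands to PHP, which is exactly the state "publicFunctions.inc" was in. The `PARSED_EXTENSIONS` set, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are mapped to the PHP handler on the server.
PARSED_EXTENSIONS = {".php"}
# PHP open tags: "<?php", "<?=" or the short "<?" followed by whitespace (so "<?xml" is ignored).
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def find_exposed_php_source(docroot):
    """Return docroot-relative paths of files that contain PHP code but whose
    extension the server would not parse, so a direct request returns the source."""
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext in PARSED_EXTENSIONS:
                continue  # executed by PHP, source never reaches the client
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # only the first 64 KiB is searched for an open tag
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if PHP_OPEN_TAG.search(head):
                exposed.append(os.path.relpath(path, docroot).replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_site(base):
    """Constructed sample layout mirroring the thread: includes/ inside the site."""
    docroot = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(docroot, "includes"))
    samples = {
        "index.php": "<?php require 'includes/publicFunctions.inc'; ?>",
        "includes/publicFunctions.inc": "<?php function db_connect() { /* credentials */ } ?>",
        "includes/notes.txt": "plain text, no PHP here",
    }
    for rel, body in samples.items():
        with open(os.path.join(docroot, rel), "w") as fh:
            fh.write(body)
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_exposed_php_source(build_sample_site(tmp)))
```

The check looks only at the filesystem, so a file protected solely by an .htaccess deny rule is still reported; renaming it to ".inc.php" or moving it outside the document root clears the finding.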
