Re: POST message handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: POST message handling
From: Rakesh Agarwal <raks35@xxxxxxxxx>
Date: Sun, 19 Aug 2007 04:59:30 -0700 (PDT)
In-reply-to: <813716b60708190223m6bc5c1b4g8509827ce13b5b7d@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Hi Vincent,

Let me tell you the situation I have
The home page of my site has a form for user to login with user login and passwd. The logic for the "login" is in a file login.php. I do not want this URL to be visible in the home page as part of the form action because then anyone could download my php file and see the source code.

What I was wondering was the Apache web server could somehow figure out which php file to invoke based on some information in the HTTP message other than the URL. This I thouht could be done with some configuration of Apache

Thanks
Rakesh

Vincent Bray <noodlet@xxxxxxxxx> wrote:

On 19/08/07, Rakesh Agarwal wrote:
> I am new to Apache so please excuse me for asking fundamental question.
> I would like to know how is a http message processed by the httpd server. I
> have constructed a POST message with the login details for logging in to a
> website, I would like to know what are the criteria apart from the "action"
> tag with which Apache determines the "PHP" script to be invoked. I need some
> other criteria for invoking the PHP script because I want to hide the actual
> PHP script doing the processing. I require this to prevent the PHP source
> code from getting leaked

Apache doesn't understand, or generally care, about the format of POST
request entities. There's a common misconception that POST ==
application/x-www-form-urlencoded, but there are several encodings one
can use for POST entities.

Hiding PHP is another matter entirely, and somewhat impossible to do
given the various remote crashing bugs it contains. Perhaps you could
explain better what you're trying to hide?

--
noodl

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Yahoo! oneSearch: Finally, mobile search that gives answers, not web links.

References:
- Re: POST message handling
  - From: Vincent Bray

Prev by Date: How to deny sites
Next by Date: Re: POST message handling
Previous by thread: Re: POST message handling
Next by thread: Re: POST message handling
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]