Web Site Security Hole

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm developing a small web site that does a bit of e-commerce (that is, 
it creates security keys and such). I've been very careful to keep all 
constants used in calculations in a local directory above docroot, but 
all of my main .php pages are in (or under) docroot (my host won't allow 
.php scripts to operate in /cgi-bin). 

I was feeling pretty secure until a friend reminded me you can download 
complete sites by importing them with such tools as FrontPage and 
Dreamweaver. That way, the "protection" provided by the PHP server is 
non-existant.

Someone doing an import would be able to see the specific methodology 
I'm using for calculations and security, even though they wouldn't have 
access to MySQL passwords and constants. But the "security" that 
provides suddenly doesn't seem like much security at all!

Can I manage this situation by setting directory and/or file permissions 
in docroot? Or is there some other solution?

Thanks in advance.

-Don

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux