Jump to content

Archived

This topic is now archived and is closed to further replies.

quillspirit

Encrypting db.php page?

Recommended Posts

How can I secure my db.php (I have it named something else) page so if somebody finds it, they can't just view source and see the database login information? Is there a way to easily encrypt it? I've heard of Zend, and know it is enabled on my server, but I have NO clue as to how to use it. Please give me some suggestions. Thanks!

Share this post


Link to post
Share on other sites
Make a PHP page and upload it to your site.  Go to it and view source, you won't see any PHP.  I think the only thing shown is source is what the browser was given to display the page, and since PHP is server side, none of that code is needed by the browser, so it isn't sent. 

Share this post


Link to post
Share on other sites
You could use [url=http://www.zend.com/products/zend_guard]Zend Guard[/url] or [url=http://www.ioncube.com/sa_encoder.php]ionCube PHP Encoder[/url].

Share this post


Link to post
Share on other sites
No one can see the source code of any php file. If you can see the source code (not the output) when you go to view > source code, or when you go to the file itself. Then your server is misconfigured. The only time some will be able to see the source is if they manged to reteive your FTP details and download the file via FTP. Or if your server is configured to show the source code highlighted if you use a .phps extension.

Share this post


Link to post
Share on other sites
Actually I came across a little script somewhere that allows you to enter a .php url into a form, and you can view the unparsed source of any .php page, remotely hosted... it IS possible. Kinda freaked me out when I saw how easy it was. Looks like Zend is my best option, as I can't afford to pay out of pocket for that other one. I just need to figure out how to use it.

Share this post


Link to post
Share on other sites
you can also put your db.php in a directory below /public_html/ so it is not accessible by anybody but the server.

Share this post


Link to post
Share on other sites
[quote author=Crayon Violent link=topic=107133.msg429418#msg429418 date=1157566730]
you can also put your db.php in a directory below /public_html/ so it is not accessible by anybody but the server.
[/quote]

I've heard of that, but I'm not sure what the new path would be - I call db.php from my header.php, which is located at domain/dir/header.php - the db.php is currently at domain/dir/inc/db.php - so I am using

[code]include('./inc/db.php');[/code]

what would be my new path, if I moved it below /public_html/ ?

../../../../db.php ? I always get so confused when it comes to paths... how many dots and such. Thanks for your help.

Share this post


Link to post
Share on other sites
okay let's say you have this as a path:

/home/username/public_html/index.php

you could for instance create a directory called functions on the same level as public_html, with your file db.php

/home/username/functions/db.php
/home/username/public_html/index.php

get it so far? okay so in index.php, you would include it like this:

include '/home/username/functions/db.php';

Share this post


Link to post
Share on other sites
EXCELLENT - Awesome, Thank You! That was simple.

One last quick question... what permissions should I have on that directory?

By default, it is 755 - should I change it?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.