Jump to content


Photo

Encrypting db.php page?


  • Please log in to reply
8 replies to this topic

#1 quillspirit

quillspirit
  • Members
  • PipPipPip
  • Advanced Member
  • 33 posts
  • LocationOregon, USA

Posted 06 September 2006 - 05:30 PM

How can I secure my db.php (I have it named something else) page so if somebody finds it, they can't just view source and see the database login information? Is there a way to easily encrypt it? I've heard of Zend, and know it is enabled on my server, but I have NO clue as to how to use it. Please give me some suggestions. Thanks!
Peace,
Shawn
Simple PHP

#2 Wintergreen

Wintergreen
  • Members
  • PipPipPip
  • Advanced Member
  • 107 posts

Posted 06 September 2006 - 05:34 PM

Make a PHP page and upload it to your site.  Go to it and view source, you won't see any PHP.  I think the only thing shown is source is what the browser was given to display the page, and since PHP is server side, none of that code is needed by the browser, so it isn't sent. 

#3 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 06 September 2006 - 05:37 PM

You could use Zend Guard or ionCube PHP Encoder.

#4 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 06 September 2006 - 05:41 PM

No one can see the source code of any php file. If you can see the source code (not the output) when you go to view > source code, or when you go to the file itself. Then your server is misconfigured. The only time some will be able to see the source is if they manged to reteive your FTP details and download the file via FTP. Or if your server is configured to show the source code highlighted if you use a .phps extension.

#5 quillspirit

quillspirit
  • Members
  • PipPipPip
  • Advanced Member
  • 33 posts
  • LocationOregon, USA

Posted 06 September 2006 - 06:16 PM

Actually I came across a little script somewhere that allows you to enter a .php url into a form, and you can view the unparsed source of any .php page, remotely hosted... it IS possible. Kinda freaked me out when I saw how easy it was. Looks like Zend is my best option, as I can't afford to pay out of pocket for that other one. I just need to figure out how to use it.
Peace,
Shawn
Simple PHP

#6 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 06 September 2006 - 06:18 PM

you can also put your db.php in a directory below /public_html/ so it is not accessible by anybody but the server.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#7 quillspirit

quillspirit
  • Members
  • PipPipPip
  • Advanced Member
  • 33 posts
  • LocationOregon, USA

Posted 06 September 2006 - 06:35 PM

you can also put your db.php in a directory below /public_html/ so it is not accessible by anybody but the server.


I've heard of that, but I'm not sure what the new path would be - I call db.php from my header.php, which is located at domain/dir/header.php - the db.php is currently at domain/dir/inc/db.php - so I am using

include('./inc/db.php');

what would be my new path, if I moved it below /public_html/ ?

../../../../db.php ? I always get so confused when it comes to paths... how many dots and such. Thanks for your help.
Peace,
Shawn
Simple PHP

#8 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 06 September 2006 - 06:39 PM

okay let's say you have this as a path:

/home/username/public_html/index.php

you could for instance create a directory called functions on the same level as public_html, with your file db.php

/home/username/functions/db.php
/home/username/public_html/index.php

get it so far? okay so in index.php, you would include it like this:

include '/home/username/functions/db.php';
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#9 quillspirit

quillspirit
  • Members
  • PipPipPip
  • Advanced Member
  • 33 posts
  • LocationOregon, USA

Posted 06 September 2006 - 07:09 PM

EXCELLENT - Awesome, Thank You! That was simple.

One last quick question... what permissions should I have on that directory?

By default, it is 755 - should I change it?
Peace,
Shawn
Simple PHP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users