Worried that people can download my .PHP files - what can I do?


amac777

Hi all,

My website is hosted on a virtual host machine with many other websites. The host has register_globals set to ON so that old PHP scripts etc will all work without any problems. But I'm worried that due to such a lack of security that somehow a hacker could read files off the hosting computer by exploiting the register_globals set to ON somehow. For example, even by breaking into another website (not in my control) that is hosted on the same server.

What can I do to keep my own site more secure?

A couple ideas I've had are basically at trying to keep my own php code (which I paid money to have specially developed) from being easily understood by others should they gain access to it.

Are there any tools available to:

1. Automatically remove all PHP comments from my .php source files? That way I could only upload comment free files to the production server which would be that much harder to understand should someone be able to download them somehow. Obviously, I keep my own source files on my offline testing site with comments in them.

2. Totally remove all formatting, indenting, new lines etc from the .php source files? The code would be functionally the same but it would be that much harder to understand... Not sure if this would be useful though because they might be able to rerun the code through a beautifier to put it back into readable form.

3. Is there a way to garble the source files or even encrypt them that would be functionally the same but very difficult for a human to understand should they be able to download them somehow?

Any other options or suggestions?

Thanks in advance,
Amac

2 & 3: Look for "Obfuscate" or "Obfuscation".

That being said, I'll add a few comments:

1) As long as you're checking/cleaning the variables before using them, register globals shouldn't hurt you.
2) You can turn RG off for use in all your scripts--put the following at the top of your scripts:  ini_set("register_globals", 0);
    I'm pretty sure that's the right syntax.
3) Files containing sensitive code should be in a location that is NOT in the public domain. Add that folder to your include_path.
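
An added example, not part of the original thread: a bootstrap file that combines points 1 to 3 of the reply above. Because register_globals is applied before a script's first line runs, it removes the request-injected globals explicitly, then puts a private code directory on the include path. The file name and directory layout are assumptions.

```php
<?php
// bootstrap.php (hypothetical name): require this first in every public script.
// Written for old PHP (4.3+/5.x), since register_globals was removed in PHP 5.4.

function undo_register_globals()
{
    if (!ini_get('register_globals')) {
        return; // setting is off, or PHP >= 5.4 where it no longer exists
    }
    // A request parameter named GLOBALS would target the global table itself.
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        header('HTTP/1.0 400 Bad Request');
        exit;
    }
    $keep = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                  '_SERVER', '_ENV', '_FILES', '_SESSION');
    $sources = array($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
    if (isset($_SESSION) && is_array($_SESSION)) {
        $sources[] = $_SESSION;
    }
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            if (!in_array($name, $keep, true) && isset($GLOBALS[$name])) {
                unset($GLOBALS[$name]); // drop the auto-created global
            }
        }
    }
}

undo_register_globals();

// Application code lives outside the web root so it cannot be requested by URL.
// Assumed layout: this file in .../public_html/, code in .../private/lib/.
$privateLib = dirname(dirname(__FILE__)) . '/private/lib';
set_include_path($privateLib . PATH_SEPARATOR . get_include_path());
unset($privateLib);

// In each entry script, give every variable an explicit default before use,
// e.g. $authorized = false; so its value never comes from the request.
```

The bootstrap has to run before a script sets any globals of its own, since it unsets every global whose name matches a request, cookie, server or session key.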

Archived

This topic is now archived and is closed to further replies.
