possible to steal source?

[mattykewl]

Hi, a guy claims he is able to steal any php file source by simple inputting the url to his 'program' and downloading all the content as it was written, this goes against everything I know, PHP is processed on a server level so how can it be possible to get the source?

 

Is he lying?

 

I'm asking this just for peace of mind.

[hvle]

did you confirmed his theory?

[pocobueno1388]

I wouldn't believe it until you see some proof.

[phil88]

The only way to do that would be to hack the ftp server (or some other server might be able to give you access) or if apache/php wasn't set up correctly.

 

 

Get him to prove it.

[Orio]

Yes, only with direct access to the server (such as FTP) you can do that. If a script is called via http it is being processed by the server first and the output is sent to the requester.

 

Orio.

[DeathStar]

I think its realy unlikly that he is able to do it.

even if he managed to write a program like that someone would have catched him already!!

 

Servers are realy secure these days..

[hvle]

is it possible that if you stress the server enough, it would some how 'forgot' to parse a php file and let you download it instead?

[the_oliver]

Very much doubt it.  By the time the server gets to this stage it wil either run very slow, of just give no responce.  As far as the server is concerned the only way to deal with .php files if to run them first.  The only way it would show it straight would be if php was not installed!

 

I doubt he can do what he says, as not all servers will have the same ports (eg ftp) open.  + as DeathStar servers are quite secure now.

 

If he has though he is minted!