Preventing PHP Leakage -

Latest post 08-13-2007 11:16 AM by keithrull. 1 replies.

Page 1 of 1 (2 items)
	Sort Posts: Previous Next

08-13-2007 4:49 AM

bonskijr
Joined on 01-16-2006
Posts 232
Points 3,130

Preventing PHP Leakage

Reply Contact

Facebook's source code was recently served to the user which caused most of it's users worry about security.

Not a PHP dev, but was interested on how the source was served to the users, I remembered couple of years ago I was surprised that a major Philippine newspaper's site served me not only the homepage's code but also the MySql connectionstring(yes user and password and db) hardcoded on that page(php) itself. I emailed the admin and the following day it was ok.

FYI

Filed under: PHP, seacurity breach

Post Points: 20

08-13-2007 11:16 AM In reply to

keithrull
Joined on 08-08-2005
San Diego, CA
Posts 1,956
Points 39,255

Re: Preventing PHP Leakage

Reply Contact

bonskijr:

Facebook's source code was recently served to the user which caused most of it's users worry about security.

Not a PHP dev, but was interested on how the source was served to the users, I remembered couple of years ago I was surprised that a major Philippine newspaper's site served me not only the homepage's code but also the MySql connectionstring(yes user and password and db) hardcoded on that page(php) itself. I emailed the admin and the following day it was ok.

FYI

I remember doing the same thing in 2004. NBA.com was down and for some reason the connection string to the database server was exposed on the error screen. eeeek not a good practice!

Post Points: 5

Page 1 of 1 (2 items)