Programming PHP

by Rasmus Lerdorf, Kevin Tatroe
March 2002
Intermediate to advanced
528 pages
21h 29m
English
O'Reilly Media, Inc.

Concealing PHP Libraries

Many a hacker has learned of weaknesses by downloading include files or data that are stored alongside HTML and PHP files in the web server’s document root. To prevent this from happening to you, all you need to do is store code libraries and data outside the server’s document root.

For example, if the document root is /home/httpd/html, everything below that directory can be downloaded through a URL. It is a simple matter to put your library code, configuration files, log files, and other data outside that directory (e.g., in /usr/local/lib/myapp). This doesn’t prevent other users on the web server from accessing those files (see Section 12.4 earlier in this chapter), but it does prevent the files from being downloaded by remote users.

If you must store these auxiliary files in your document root, you can configure the web server to deny requests for those files. For example, this tells Apache to deny requests for any file with a .inc extension, a common extension for PHP include files:

<Files ~ "\.inc$">
  Order allow,deny
  Deny from all
</Files>

If you store code libraries in a different directory from the PHP pages that use them, you’ll need to tell PHP where the libraries are. Either give a path to the code in each include( ) or require( ), or change include_path in php.ini:

include_path = ".:/usr/local/php:/usr/local/lib/myapp";
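
A way to check a deployment against the layout described above, added here as an example and not taken from the book: it lists files under the document root that the server would return as plain text and flags include_path entries that resolve inside the document root. The extension list and the temporary directory layout built by demo() are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions the server returns as plain text instead of running as PHP.
RISKY_EXTENSIONS = {".inc", ".ini", ".log", ".conf", ".sql", ".bak"}


def is_inside(path, root):
    """True if path resolves to root or to something below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root


def exposed_files(docroot):
    """Files under docroot (relative paths) that a URL would return as source or data."""
    found = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                found.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(found)


def include_dirs_in_docroot(include_path, docroot, cwd):
    """Colon-separated include_path entries that resolve inside docroot."""
    flagged = []
    for entry in include_path.split(":"):
        if entry in ("", "."):
            continue  # "." is the current directory, not a library store
        resolved = entry if os.path.isabs(entry) else os.path.join(cwd, entry)
        if is_inside(resolved, docroot):
            flagged.append(entry)
    return flagged


def demo():
    """Build a constructed layout in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "html")
        libdir = os.path.join(base, "lib", "myapp")
        os.makedirs(os.path.join(docroot, "includes"))
        os.makedirs(libdir)
        for rel in ("html/index.php", "html/includes/db.inc",
                    "html/app.LOG", "lib/myapp/db.inc"):
            open(os.path.join(base, rel), "w").close()
        include_path = ".:" + os.path.join(docroot, "includes") + ":" + libdir
        return exposed_files(docroot), include_dirs_in_docroot(include_path, docroot, docroot)
```

Anything the first list reports should be moved outside the document root or covered by a deny rule like the one shown earlier; anything in the second list is a library directory that is still reachable through a URL.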

ISBN: 1565926102