Results 1 to 4 of 4
  1. #1
    Join Date
    Sep 2003
    Posts
    47

    Unanswered: Include security?

    I have a sensitive PHP file on my server and I want stop anyone being able to do a PHP include to the file and grab the variables etc. How can I stop that?

  2. #2
    Join Date
    Oct 2003
    Posts
    706
    No one outside of your system can invoke a PHP file and obtain any variables by doing so.

    To obtain variable settings one would have to run a PHP program on your server which would include the file and then call phpInfo(). But no one outside can do that.
    ChimneySweep(R): fast, automatic
    table repair at a click of the
    mouse! http://www.sundialservices.com

  3. #3
    Join Date
    Sep 2003
    Posts
    47
    But
    include(http://www.domain.com/file.php);
    Would grab the file right?

  4. #4
    Join Date
    Apr 2004
    Location
    NC
    Posts
    2
    Well yes, it would grab the file, but it wouldn't grab anything server side. Because the file is still located on your server, it is parsed on your server. So all they would get is the html produced by the php.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •