Sophie

Sophie

distrib > Mandriva > 9.1 > ppc > media > main > by-pkgid > 0afeee9cca140e167a996902b9a677c5 > files > 3171

php-manual-en-4.3.0-2mdk.noarch.rpm

<HTML
><HEAD
><TITLE
>Hiding PHP</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="PHP Manual"
HREF="index.html"><LINK
REL="UP"
TITLE="Security"
HREF="security.html"><LINK
REL="PREVIOUS"
TITLE="User Submitted Data"
HREF="security.variables.html"><LINK
REL="NEXT"
TITLE="Keeping Current"
HREF="security.current.html"><META
HTTP-EQUIV="Content-type"
CONTENT="text/html; charset=ISO-8859-1"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>PHP Manual</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="security.variables.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. Security</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="security.current.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="security.hiding"
></A
>Hiding PHP</H1
><P
>&#13;    In general, security by obscurity is one of the weakest forms of security.
    But in some cases, every little bit of extra security is desirable.
   </P
><P
>&#13;    A few simple techniques can help to hide PHP, possibly slowing
    down an attacker who is attempting to discover weaknesses in your
    system. By setting expose_php = off in your <TT
CLASS="filename"
>php.ini</TT
> file, you
    reduce the amount of information available to them.
   </P
><P
>&#13;    Another tactic is to configure web servers such as apache to
    parse different filetypes through PHP, either with an .htaccess
    directive, or in the apache configuration file itself. You can
    then use misleading file extensions:
    <TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN3099"
></A
><P
><B
>Example 5-18. Hiding PHP as another language</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><PRE
CLASS="apache-conf"
># Make PHP code look like other code types
AddType application/x-httpd-php .asp .py .pl</PRE
></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
>
    Or obscure it completely:
    <TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN3102"
></A
><P
><B
>Example 5-19. Using unknown types for PHP extensions</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><PRE
CLASS="apache-conf"
># Make PHP code look like unknown types
AddType application/x-httpd-php .bop .foo .133t</PRE
></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
>
    Or hide it as html code, which has a slight performance hit because
    all html will be parsed through the PHP engine:
    <TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN3105"
></A
><P
><B
>Example 5-20. Using html types for PHP extensions</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><PRE
CLASS="apache-conf"
># Make all PHP code look like html
AddType application/x-httpd-php .htm .html</PRE
></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
>
    For this to work effectively, you must rename your PHP files with
    the above extensions. While it is a form of security through
    obscurity, it's a minor preventative measure with few drawbacks.
   </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="security.variables.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="security.current.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>User Submitted Data</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="security.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Keeping Current</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional