Developer Forums | About Us | Site Map
Search  
HOME > PHPMANUAL
Server Side Coding
PHP
Perl
Java
Python
Administration
Book Reviews

Client Side Coding
HTML
JavaScript
CSS
XML
DHTML
Flash

Sponsors


Getting Started
Domain Names
Web Hosting
Site Planning
Legal Issues
Privacy and Trust

Design and Layout
Usability
Accessibility
Design Principals

Databases
MySQL
PostgreSQL
mSQL

Web Host
site hosted by netplex
Partners
Ask A Geek

Online Manuals
php manual

PHP Manual
PrevChapter 15. SecurityNext

Hiding PHP

In general, security by obscurity is one of the weakest forms of security. But in some cases, every little bit of extra security is desirable.

A few simple techniques can help to hide PHP, possibly slowing down an attacker who is attempting to discover weaknesses in your system. By setting expose_php = off in your php.ini file, you reduce the amount of information available to them.

Another tactic is to configure web servers such as apache to parse different filetypes through PHP, either with an .htaccess directive, or in the apache configuration file itself. You can then use misleading file extensions:

Example 15-18. Hiding PHP as another language

# Make PHP code look like other code types
 AddType application/x-httpd-php .asp .py .pl
Or obscure it completely:

Example 15-19. Using unknown types for PHP extensions

# Make PHP code look like unknown types
 AddType application/x-httpd-php .bop .foo .133t
Or hide it as html code, which has a slight performance hit because all html will be parsed through the PHP engine:

Example 15-20. Using html types for PHP extensions

# Make all PHP code look like html
 AddType application/x-httpd-php .htm .html
For this to work effectively, you must rename your PHP files with the above extensions. While it is a form of security through obscurity, it's a minor preventative measure with few drawbacks.

PrevHomeNext
User Submitted DataUpKeeping Current
Copyright 2004-2024 GrindingGears.com. All rights reserved. Site hosted by NETPLEX