[UPHPU] PHP/MySQL Security
Richard K Miller
richardkmiller at gmail.com
Wed Jul 11 16:06:24 MDT 2007
On Jul 11, 2007, at 3:44 PM, Justin Giboney wrote:
> So, I am reading the book "Essential PHP Security", and I came
> across the part about the mysql username and password, and I have a
> question.
>
> How can someone read a include ending in PHP? I thought the PHP
> code never left the server. He says that the file should not be in
> a public folder, which I can understand, but since you see nothing
> when that page is called through the internet, how can it be read?
>
I believe he's being extra careful, in the rare event that PHP might
break and Apache serve up .php files as plain text. I've seen it
happen once.
More information about the UPHPU
mailing list