<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/1.5.1-alpha" -->
<rss version="2.0" 
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
	<title>Comments on: Web security through threats of violence</title>
	<link>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/</link>
	<description>the blog that is not dansdata.com</description>
	<pubDate>Sun, 06 Dec 2009 21:18:30 +0000</pubDate>
	<generator>http://wordpress.org/?v=1.5.1-alpha</generator>

	<item>
		<title>by: Max</title>
		<link>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2209</link>
		<pubDate>Mon, 03 Mar 2008 20:59:08 +0000</pubDate>
		<guid>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2209</guid>
					<description>Normally, that's true - the viewer of the webpage won't see the PHP part. However, if there's just the right kind of server error (spontaneous or not so much), the viewer might end up looking at the unprocessed PHP... ;) If you're just serving pages, a read-only user account might be OK. If you have logins, perhaps use the hardcoded one only to check the actual encrypted ones, then use session IDs for the rest of the pages.</description>
		<content:encoded><![CDATA[	<p>Normally, that's true - the viewer of the webpage won't see the PHP part. However, if there's just the right kind of server error (spontaneous or not so much), the viewer might end up looking at the unprocessed PHP... ;) If you're just serving pages, a read-only user account might be OK. If you have logins, perhaps use the hardcoded one only to check the actual encrypted ones, then use session IDs for the rest of the pages.
</p>
]]></content:encoded>
				</item>
	<item>
		<title>by: adrian</title>
		<link>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2205</link>
		<pubDate>Mon, 03 Mar 2008 11:44:49 +0000</pubDate>
		<guid>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2205</guid>
					<description>After doing a PHP course, I put together a basic homepage using the stuff I learned, which included putting the MySQL name and password in the PHP source for each page.  Now my understanding is that PHP is always processed on the server before being sent out, so people can't just steal my source files and hack my shit.
Is this true or am I just as bad as the guys above?</description>
		<content:encoded><![CDATA[	<p>After doing a PHP course, I put together a basic homepage using the stuff I learned, which included putting the MySQL name and password in the PHP source for each page.  Now my understanding is that PHP is always processed on the server before being sent out, so people can't just steal my source files and hack my shit.<br />
Is this true or am I just as bad as the guys above?
</p>
]]></content:encoded>
				</item>
	<item>
		<title>by: cb</title>
		<link>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2201</link>
		<pubDate>Sun, 02 Mar 2008 00:11:44 +0000</pubDate>
		<guid>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2201</guid>
					<description>Don't bother, magetoo. It's page after page of people repeating each other. I guess nobody who posts reads past the second page.</description>
		<content:encoded><![CDATA[	<p>Don't bother, magetoo. It's page after page of people repeating each other. I guess nobody who posts reads past the second page.
</p>
]]></content:encoded>
				</item>
	<item>
		<title>by: magetoo</title>
		<link>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2200</link>
		<pubDate>Sat, 01 Mar 2008 20:30:30 +0000</pubDate>
		<guid>http://dansdata.blogsome.com/2008/03/01/web-security-through-threats-of-violence/#comment-2200</guid>
					<description>Oh, so that's what happened.  I just saw there were 5 pages of comments, thought &quot;oh, flamewar&quot; and skipped over them.

There's 11 pages right now (500+ comments) so this'll keep me entertained for a while.</description>
		<content:encoded><![CDATA[	<p>Oh, so that's what happened.  I just saw there were 5 pages of comments, thought "oh, flamewar" and skipped over them.</p>
	<p>There's 11 pages right now (500+ comments) so this'll keep me entertained for a while.
</p>
]]></content:encoded>
				</item>
</channel>
</rss>
