I have stored my username and passwords in a userinfo.php file.

Someone has told me that it is not a secure way to store passwords etc.
He told me that it is possible for someone else to read that file.

I am so confused.

I know that the web server executes the PHP code and only sends the HTML to the browser.
Then how is it possible to get the PHP code?

I can't understand how someone can read my PHP file.
Can someone explain it to me briefly?
Updated 9-May-11 9:46am
Comments
Dalek Dave 9-May-11 15:47pm    
Edited for Readability.

How many people do you think have access to the web server? It's more than you think...
Where on the server did you put the file?
What are the access permissions on the file? On the Folder?

Never store passwords in clear: it is always a security risk.
There is some info (C# code, but the discussion is well worth reading) here: Password Storage: How to do it.
 
Comments
Dalek Dave 9-May-11 15:47pm    
Good answer, 5.
Sergey Alexandrovich Kryukov 9-May-11 22:47pm    
All correct, a 5. Password does not have to be stored, in fact.
--SA
Kim Togo 10-May-11 2:45am    
My 5. Hash is good.
Joan M 10-May-11 14:12pm    
My 5... nice answer...
The only way to steal your PHP file source code is the same way you upload or download your website, or if someone who is controlling the web server begins to look around.

Check out Zend Guard, a PHP encoding and obfuscation
 
Comments
Sergey Alexandrovich Kryukov 9-May-11 22:48pm    
Kim, obfuscation is certainly a wrong way about security. Griff's right.
This is a password. It does not have to be stored.
--SA
OriginalGriff 10-May-11 2:42am    
Who is John? Did an answer get deleted?
Sergey Alexandrovich Kryukov 10-May-11 13:12pm    
Probably it's my mistake, and I meant you.
Sorry, Griff.
--SA
Kim Togo 10-May-11 2:45am    
SA, I was only focused on the PHP code, not on the fact that a username and password were saved in the PHP file. :-)
But yes OriginalGriff is correct. Never store plain password text.
Sergey Alexandrovich Kryukov 10-May-11 13:14pm    
I still think the obfuscation of PHP on the server makes no sense, but this is not really a programming controversy.
--SA
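
The points raised in the first answer and its comments (hash rather than store the password, and check who can read the file), shown as an added PHP example that is not code from any poster in this thread. The sample username, password, helper function names and temporary file are constructed for illustration, and the permission check assumes a POSIX file system.

```php
<?php
declare(strict_types=1);

// Constructed sample credentials (assumptions for this example only).
const SAMPLE_USER = 'admin';
const SAMPLE_PASSWORD = 'correct horse battery staple';

// One-time setup: the record that goes into the file holds a salted
// one-way hash, so reading the file does not reveal the password.
function make_user_record(string $user, string $password): array
{
    return ['user' => $user, 'hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Login check: password_verify() re-derives the hash using the salt and
// cost embedded in the stored value. It is always called, so a wrong
// username does not return noticeably faster than a wrong password.
function check_login(array $record, string $user, string $password): bool
{
    $userOk = hash_equals($record['user'], $user);
    $passOk = password_verify($password, $record['hash']);
    return $userOk && $passOk;
}

// The answer's permission question: true when accounts other than the
// owner and group can read or write the file (POSIX mode bits).
function is_exposed_to_others(string $path): bool
{
    clearstatcache(true, $path);
    return (fileperms($path) & 0006) !== 0;
}

// Write the record to a stand-in for userinfo.php. In a real deployment
// the file sits outside the web root and is owned by the account PHP runs as.
$path = tempnam(sys_get_temp_dir(), 'userinfo_');
file_put_contents($path, '<?php return ' . var_export(
    make_user_record(SAMPLE_USER, SAMPLE_PASSWORD), true) . ';');
chmod($path, 0600);

$record = require $path;
var_dump(check_login($record, SAMPLE_USER, SAMPLE_PASSWORD)); // correct login
var_dump(check_login($record, SAMPLE_USER, 'guess'));         // wrong password
var_dump(is_exposed_to_others($path));                        // permission check
var_dump(strpos(file_get_contents($path), SAMPLE_PASSWORD) !== false); // cleartext on disk?
unlink($path);
```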

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


