Possible to view PHP code of a website

Question

Is it possible to somehow view another websites php files codes   Or to rephrase the question  Can my php codes be viewed by anybody except for those who have access to the file   If so  how can I best prevent this   Ps  Server OS is Ubuntu 9 10 and PHP version is 5   Apache2

User · Accepted Answer

A bug or security vulnerability in the server (either Apache or the PHP engine), or your own PHP code, might allow an attacker to obtain access to your code.

For instance if you have a PHP script to allow people to download files, and an attacker can trick this script into download some of your PHP files, then your code can be leaked.

Since it's impossible to eliminate all bugs from the software you're using, if someone really wants to steal your code, and they have enough resources, there's a reasonable chance they'll be able to.

However, as long as you keep your server up-to-date, someone with casual interest is not able to see the PHP source unless there are some obvious security vulnerabilities in your code.

Read the Security section of the PHP manual as a starting point to keeping your code safe.

User · Answer

Noone cand read the file except for those who have access to the file  You must make the code readable  but not writable  by the web server   If the php code handler is running properly you can t read it by requesting by name from the web server     If someone compromises your server you are at risk   Ensure that the web server can only write to locations it absolutely needs to   There are a few locations under  var which should be properly configured by your distribution    They should not be accessible over the web   var www should not be writable  but may contain subdirectories written to by the web server for dynamic content   Code handlers should be disabled for these    Ensure you don t do anything in your php code which can lead to code injection   The other risk is directory traversal using paths containing    or begining with     Apache should already be patched to prevent this when it is handling paths   However  when it runs code  including php  it does not control the paths   Avoid anything that allows the web client to pass a file path

User · Answer

By using exploits or on badly configured servers it could be possible to download your PHP source  You could however either obfuscate and or encrypt your code  using Zend Guard  Ioncube or a similar app  if you want to make sure your source will not be readable  to be accurate  obfuscation by itself could be reversed given enough time resources  but I haven t found an IonCube or Zend Guard decryptor yet

[php] Possible to view PHP code of a website?

Examples related to php

Examples related to html

Examples related to linux

Examples related to security