Reputation: 28414
Under what circumstances can a PHP file's source code become viewable in a browser?
I'm fairly new to server administration and PHP programming and I've read a few times that under certain circumstances it's possible that a PHP file's source code might be shown in the browser. This is concerning to me, as it would be very bad if that happened on a business website.
- Under what circumstances might this happen?
- Would putting PHP files above the public_html folder prevent the file from ever being viewed in a browser, eliminating this risk (however it occurs)?
Upvotes: 0
Views: 116
Answers (1)
Reputation: 158100
1 . Under what circumstances might this happen?
A: If the server isn't configured to parse .php files (Thanks @MarkBaker for the brevity)
2 . Would putting PHP files above the public_html folder prevent the file from ever being viewed in a browser, eliminating this risk (however it occurs)?
A: No, if your server is configured to use aliases or follow symlinks the files might get accessible again from remote
The only solution is to configure your server in a way that it handles PHP properly - or denies serving files with that extension at all.
Upvotes: 3
Related Questions
- How can I view PHP source code on a live site?
- How can I display PHP source code on Linux or similar?
- Why is my PHP source code showing?
- Apache2 returns php source code
- Can a client view server-side PHP source code?
- Read source code with PHP
- Possible to view PHP code of a website?
- Why I can view my php source code online?
- PHP code is showing when i show the source in the browser
- Is there any way to view PHP code (the actual code not the compiled result) from a client machine?