Secure site with PHP

Secure your site unsing only php

Page 1 of 1

9 Replies - 6331 Views - Last Post: 10 August 2005 - 05:20 AM Rate Topic: -----

Poll: Usefull or not? (1 member(s) have cast votes)

Usefull or not?

  1. Yes, quite interesting (1 votes [100.00%])

    Percentage of vote: 100.00%

  2. No, boring (0 votes [0.00%])

    Percentage of vote: 0.00%

  3. IT ain't your ideea (0 votes [0.00%])

    Percentage of vote: 0.00%

Vote Guests cannot vote

#1 BlueVD   User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 29
  • Joined: 08-August 05

Secure site with PHP

Posted 08 August 2005 - 06:47 AM

While storming my brain one night on how to make my site secure (mainly my users list and email address list) withought using sql (since my provider didn't offered them) I came up with a nice ideea (I belive that I'm not the first person, but who knows):

I've created an empty php file with the following structure:
<?php
/*

*/
echo ("Try somewhere else as***le. No stealing here :P");
?>

Between the multi-line comments my first script (for signup or for login) would add the usernames... Needless to say that if someone would try to steal it he would only get an empty file (except the as***le part) because php would go over the comment, and only execute the echo command. However, the first php file could read it with no problems.
I used it until I changed my webhosting service with no problems.
If you liked it (or not) please answer the poll.

Is This A Good Question/Topic? 0
  • +

Replies To: Secure site with PHP

#2 skyhawk133   User is offline

  • Head DIC Head
  • member icon

Reputation: 1972
  • View blog
  • Posts: 20,426
  • Joined: 17-March 01

Re: Secure site with PHP

Posted 08 August 2005 - 09:12 AM

I'm not sure I understand, are you hiding data in the php file between the comments? Normally, users can't see inside a php file anyway as it is run through the interpreter before being handed off to the web server and subsequently, the user.
Was This Post Helpful? 0
  • +
  • -

#3 BlueVD   User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 29
  • Joined: 08-August 05

Re: Secure site with PHP

Posted 08 August 2005 - 09:21 AM

The thing is that I saw a lot of people (usualy beginers) usinf flat files to store data with php... the problem is that they can be downloaded... But using a php file and enter the data betweeb comments, the data is skiped by the parser.

ex:
users.txt contains:
me:my pass
him:his pass

users.php contains:
<? /*
me:my pass
him:his pass
*/ ?>

Dowloaded, the text file will contain the users and passwords...
However, the php file will be blank (because the server parsed it and didn't include nothing in the multiline comment)
This is the basic ideea
Was This Post Helpful? 0
  • +
  • -

#4 skyhawk133   User is offline

  • Head DIC Head
  • member icon

Reputation: 1972
  • View blog
  • Posts: 20,426
  • Joined: 17-March 01

Re: Secure site with PHP

Posted 08 August 2005 - 09:25 AM

Ahhh, mmmk. Without thinking about it to much, that seems like a viable solution. I've always had SQL available to me though only dealt with flat files once or twice... sad I know.
Was This Post Helpful? 0
  • +
  • -

#5 Amadeus   User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 253
  • View blog
  • Posts: 13,507
  • Joined: 12-July 02

Re: Secure site with PHP

Posted 08 August 2005 - 09:31 AM

This is a good solution...you can, however, use flat files if you set server permissions correctly for the file.
Was This Post Helpful? 0
  • +
  • -

#6 snoj   User is offline

  • Married Life
  • member icon

Reputation: 93
  • View blog
  • Posts: 3,583
  • Joined: 31-March 03

Re: Secure site with PHP

Posted 08 August 2005 - 07:42 PM

If you are using php files, why not make use of array's? Or even serialized arrays?

Just an idea.
Was This Post Helpful? 0
  • +
  • -

#7 cyberscribe   User is offline

  • humble.genius
  • member icon

Reputation: 10
  • View blog
  • Posts: 1,062
  • Joined: 05-May 02

Re: Secure site with PHP

Posted 08 August 2005 - 10:01 PM

A common application of this idea is in conjunction with parse_ini_file, such as:
#<?php die(); /*
[foo]
bar=baz;
#*/ ?>


Was This Post Helpful? 0
  • +
  • -

#8 jonic   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 36
  • Joined: 30-May 03

Re: Secure site with PHP

Posted 10 August 2005 - 05:08 AM

BlueVD, on Aug 8 2005, 05:21 PM, said:

users.php contains:
<? /*
me:my pass
him:his pass
*/ ?>

Now forgive me if I'm wrong, I may have misread your explanation of this method.

But if you wanted to use any of the data that is inside the comments in this file you wouldn't be able to. PHP would see it as what it is, a comment, and simlpy pass over it.

<?php
    /* $var1 = "data"; */
    echo("var1 = $var1");
?>


That would simply output:

var1 = 


I'm not entirely sure I understand this. I'd also recommend switching to a host that provides a MySQL server. It's a much more secure way of storing sensitive data. Not the most secure way, but secure enough.

Sorry, this wasn't all that helpful at all! My comment here that is. If your method works for you then great, but I'd use sql.

This post has been edited by jonic: 10 August 2005 - 05:16 AM

Was This Post Helpful? 0
  • +
  • -

#9 Amadeus   User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 253
  • View blog
  • Posts: 13,507
  • Joined: 12-July 02

Re: Secure site with PHP

Posted 10 August 2005 - 05:14 AM

His method does work, as the file is accessed by another php file, one whose function is to parse the commented file, and therefore grab the variable values as strings, and use them. When viewed from a browser, however, the strings would not appear.

He's not talking about having that one commented file do all the work, but to be there to be accessed by another file.
Was This Post Helpful? 0
  • +
  • -

#10 jonic   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 36
  • Joined: 30-May 03

Re: Secure site with PHP

Posted 10 August 2005 - 05:20 AM

Right, I understand now.

Well in that case it's a nice way of going about it I guess!

Sorry for the confusion!
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1