Hello friends I need your help. Could somebody help me to prevent the following techniques in PHP in cent os(apache web server)
Hi @alagujeeva; welcome to the forums.
No need to panic, as long as your PHP engine is working the code can not be accessed by others, they will only get whatever the PHP code outputs, typically HTML (i.e. the aforementioned “page content”) or sometimes images or JSON.
Yeah, it’s not like HTML or JavaScript where one can simply “View Source”.
Now, if you are putting login/password information in a clear text file (like .txt or .inc), that can be directly accessed. Putting that in a .php file means that only the PHP web server sees it, processes it, and sends the on-the-fly HTML that results from the code to the browser for parsing.
The only way to actually get .php files is via FTP (that I am aware of) - but as long as your FTP password is both long and complex, this shouldn’t be an issue.
AH… I just looked at the link the OP provided. I think I misunderstood the OPs question. Those six methods are for developers to use in order to load content of another webpage.
I think OP wants to protect CONTENT, not the PHP files, themselves.
Is there a way around that? I don’t think so. Basically, if content is viewable, it can be “screen-scraped” or even manually saved via browser for others to pilfer. The only safeguards would be to do things like watermark images so that they would be unusable on another site. But as far as text is concerned, it’s pretty much available to any method of capture - all you can really do is put copyright symbols on it, and occasionally peruse the web to see if anyone else has the exact same content on their site. If you do find your (and I mean “it belongs to you”) content, contacting the host provider usually resolves the issue. If not, then a letter from a lawyer threatening litigation usually will suffice. Beyond that, you have to actually sue to get your content off of another site that has pilfered it.
HTH,
If you want it publicly facing then screenscraping is a real option. Legal protections are your best bet.
The only way to actually get .php files is via FTP (that I am aware of) - but as long as your FTP password is both long and complex, this shouldn’t be an issue.
No, there is no such thing as safe FTP; credentials are transmitted in the clear. You can do ftp/s to get SSL there but that is nightmarish to get working and by that point you might as well just have stood up sshd and called it a day.