SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to hide file php on address bar and status bar

    Hi all,For security of website.

    How to hide php file on address bar, and show only domain www.xxxxx.com.
    Generally when click link in website it show filename on status bar. Can I hide it?

    How to hide file php on address bar and status bar

  2. #2
    code addict Abstraction's Avatar
    Join Date
    Apr 2001
    Location
    Des Moines, IA
    Posts
    346
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just curious, but what is your reason for wanting to do this?

    And do you want to hide it on the address bar or the status bar?

  3. #3
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I want to hide both address bar and status bar
    because if someone know file, he may know structure and directory of website may cause hack it.

  4. #4
    SitePoint Evangelist ucahg's Avatar
    Join Date
    Apr 2001
    Location
    Sarnia, Ontario, Canada
    Posts
    434
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    [EDITED for clarity]

    Solution one: hide the site in a frame of the main page.
    Problem: easily exploitable.

    Solution two: change all files to HTML, and parse .html files as PHP.
    Problem: still doesn't solve the real problem.

    Solution three: change the structure of your site so that it's not as easy to hack.

  5. #5
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Solution 4:
    Stop worrying about it, if someone wants your directory structure I am sure they will find a way to get it, but personally I think you are going a little overboard. What is your basis for taking such measures?
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  6. #6
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As a Thread that I post

    " Big Problem of IIS. Is PHP can prevent it? "
    Are you read it?


    --------------------------------------------------
    Because user can pass variable and value via Addressbar
    for example
    http://www.xxxxxx.com?auth=1&name=username;

    I think it a big problem in security because it can assign all variable?

    Recently, I know that we can access and edit file on All server that use IIS (only IIS not Apache or other). By query instruction after address bar. I don't know this instruction but ever seen it. it long instruction. My friend can do it but he don't tell me?

    If someone has known this problem please explanation more detail, How to do, and how to prevent, especially how to prevent user type command or vairable after url of website
    ----------------------------------------

    http://www.sitepointforum.com/showth...threadid=31922

    If think if hacker know my file and directory he can access my server.

  7. #7
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So use POST methods and access variables as $HTTP_POST_VARS[name] only, don't access them as $name. I read your post, still I ask myself, if you believe that someone can access any file on your server, then why do you use IIS?

    To answer your questions, I assume you check for some variable $auth and $name. Right? Well don't access them that way access them as $HTTP_POST_VARS[auth] and $HTTP_POST_VARS[name] and use POST method. So now unless they are simulating a POST to your site and passing those variables you will block out people from putting GET varaibles on the end of the url.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  8. #8
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't use IIS. but it has problem, I only don't this problem occur with other webserver. But now I'm confuse with $HTTP_POST_VARS[name]

    I show you example that whether use Get or Post method user can define variable

    PHP Code:
    <html><head><title></title></head><body>

    <?  if ($yourname=="myname") print "Yes"?>

    <form method="post" action="<? echo $PHP_SELF?>">
    <input type="text" name="yourname" value="<? echo $HTTP_POST_VARS['yourname'];   ?>">
    <input type="submit">
    </form>

    </body>
    </html>
    if I type myname in text box or type http://www.xxxxx.com?yourname=myname, the result is same that print "Yes"

    and I don't know what different between

    PHP Code:
    name="yourname"  value="<? echo $HTTP_POST_VARS['yourname'];   ?>"
    and
    PHP Code:
    name="yourname"  value="<? echo $yourname;   ?>"
    because it get same result

  9. #9
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Almost

    PHP Code:
    <html><head><title></title></head><body>

    <?  if ($HTTP_POST_VARS['yourname']=="myname") print "Yes"?>

    <form method="post" action="<? echo $PHP_SELF?>">
    <input type="text" name="yourname" value="<? echo $HTTP_POST_VARS['yourname'];   ?>">
    <input type="submit">
    </form>

    </body>
    </html>
    Now the only time Yes will appear is when user puts myname in the form field and clicks submit.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  10. #10
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Did you turn register_globals off? You don't have to but it helps you to see the difference

    Sean
    Last edited by seanf; Aug 22, 2001 at 12:38.
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  11. #11
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks everybody to reply me, it work but if I use post method and HTTP_POST_VARS, all previous value in text box will disappear.

    And Is this method protect only assing variable in address bar, because hacker that hack IIS webserver don't assign variable in address bar but as i know he type some command about uni-code or something, I don't know


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •