SitePoint Sponsor |
|
User Tag List
Results 1 to 11 of 11
-
Aug 22, 2001, 06:35 #1
- Join Date
- Jun 2001
- Location
- Thailand
- Posts
- 369
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
How to hide file php on address bar and status bar
Hi all,For security of website.
How to hide php file on address bar, and show only domain www.xxxxx.com.
Generally when click link in website it show filename on status bar. Can I hide it?
How to hide file php on address bar and status bar
-
Aug 22, 2001, 07:09 #2
- Join Date
- Apr 2001
- Location
- Des Moines, IA
- Posts
- 346
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Just curious, but what is your reason for wanting to do this?
And do you want to hide it on the address bar or the status bar?
-
Aug 22, 2001, 07:16 #3
- Join Date
- Jun 2001
- Location
- Thailand
- Posts
- 369
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I want to hide both address bar and status bar
because if someone know file, he may know structure and directory of website may cause hack it.
-
Aug 22, 2001, 07:33 #4
- Join Date
- Apr 2001
- Location
- Sarnia, Ontario, Canada
- Posts
- 434
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
[EDITED for clarity]
Solution one: hide the site in a frame of the main page.
Problem: easily exploitable.
Solution two: change all files to HTML, and parse .html files as PHP.
Problem: still doesn't solve the real problem.
Solution three: change the structure of your site so that it's not as easy to hack.
-
Aug 22, 2001, 10:37 #5
- Join Date
- Aug 2000
- Location
- San Diego, CA
- Posts
- 5,460
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Solution 4:
Stop worrying about it, if someone wants your directory structure I am sure they will find a way to get it, but personally I think you are going a little overboard. What is your basis for taking such measures?Please don't PM me with questions.
Use the forums, that is what they are here for.
-
Aug 22, 2001, 11:33 #6
- Join Date
- Jun 2001
- Location
- Thailand
- Posts
- 369
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
As a Thread that I post
" Big Problem of IIS. Is PHP can prevent it? "
Are you read it?
--------------------------------------------------
Because user can pass variable and value via Addressbar
for example
http://www.xxxxxx.com?auth=1&name=username;
I think it a big problem in security because it can assign all variable?
Recently, I know that we can access and edit file on All server that use IIS (only IIS not Apache or other). By query instruction after address bar. I don't know this instruction but ever seen it. it long instruction. My friend can do it but he don't tell me?
If someone has known this problem please explanation more detail, How to do, and how to prevent, especially how to prevent user type command or vairable after url of website
----------------------------------------
http://www.sitepointforum.com/showth...threadid=31922
If think if hacker know my file and directory he can access my server.
-
Aug 22, 2001, 11:43 #7
- Join Date
- Aug 2000
- Location
- San Diego, CA
- Posts
- 5,460
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
So use POST methods and access variables as $HTTP_POST_VARS[name] only, don't access them as $name. I read your post, still I ask myself, if you believe that someone can access any file on your server, then why do you use IIS?
To answer your questions, I assume you check for some variable $auth and $name. Right? Well don't access them that way access them as $HTTP_POST_VARS[auth] and $HTTP_POST_VARS[name] and use POST method. So now unless they are simulating a POST to your site and passing those variables you will block out people from putting GET varaibles on the end of the url.Please don't PM me with questions.
Use the forums, that is what they are here for.
-
Aug 22, 2001, 12:27 #8
- Join Date
- Jun 2001
- Location
- Thailand
- Posts
- 369
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I don't use IIS. but it has problem, I only don't this problem occur with other webserver. But now I'm confuse with $HTTP_POST_VARS[name]
I show you example that whether use Get or Post method user can define variable
PHP Code:<html><head><title></title></head><body>
<? if ($yourname=="myname") print "Yes"; ?>
<form method="post" action="<? echo $PHP_SELF; ?>">
<input type="text" name="yourname" value="<? echo $HTTP_POST_VARS['yourname']; ?>">
<input type="submit">
</form>
</body>
</html>
and I don't know what different between
PHP Code:name="yourname" value="<? echo $HTTP_POST_VARS['yourname']; ?>"
PHP Code:name="yourname" value="<? echo $yourname; ?>"
-
Aug 22, 2001, 12:31 #9
- Join Date
- Aug 2000
- Location
- San Diego, CA
- Posts
- 5,460
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Almost
PHP Code:<html><head><title></title></head><body>
<? if ($HTTP_POST_VARS['yourname']=="myname") print "Yes"; ?>
<form method="post" action="<? echo $PHP_SELF; ?>">
<input type="text" name="yourname" value="<? echo $HTTP_POST_VARS['yourname']; ?>">
<input type="submit">
</form>
</body>
</html>Please don't PM me with questions.
Use the forums, that is what they are here for.
-
Aug 22, 2001, 12:34 #10
Did you turn register_globals off? You don't have to but it helps you to see the difference
SeanLast edited by seanf; Aug 22, 2001 at 12:38.
Harry Potter
-- You lived inside my world so softly
-- Protected only by the kindness of your nature
-
Aug 22, 2001, 12:57 #11
- Join Date
- Jun 2001
- Location
- Thailand
- Posts
- 369
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Thanks everybody to reply me, it work but if I use post method and HTTP_POST_VARS, all previous value in text box will disappear.
And Is this method protect only assing variable in address bar, because hacker that hack IIS webserver don't assign variable in address bar but as i know he type some command about uni-code or something, I don't know
Bookmarks