How to hide file php on address bar and status bar

[itsource]

Hi all,For security of website.

How to hide php file on address bar, and show only domain www.xxxxx.com.
Generally when click link in website it show filename on status bar. Can I hide it?

How to hide file php on address bar and status bar

[Abstraction]

Just curious, but what is your reason for wanting to do this?

And do you want to hide it on the address bar or the status bar?

[itsource]

I want to hide both address bar and status bar
because if someone know file, he may know structure and directory of website may cause hack it.

[ucahg]

[EDITED for clarity]

Solution one: hide the site in a frame of the main page.
Problem: easily exploitable.

Solution two: change all files to HTML, and parse .html files as PHP.
Problem: still doesn't solve the real problem.

Solution three: change the structure of your site so that it's not as easy to hack.

[freddydoesphp]

Solution 4:
Stop worrying about it, if someone wants your directory structure I am sure they will find a way to get it, but personally I think you are going a little overboard. What is your basis for taking such measures?

[itsource]

As a Thread that I post

" Big Problem of IIS. Is PHP can prevent it? "
Are you read it?


--------------------------------------------------
Because user can pass variable and value via Addressbar
for example
http://www.xxxxxx.com?auth=1&name=username;

I think it a big problem in security because it can assign all variable?

Recently, I know that we can access and edit file on All server that use IIS (only IIS not Apache or other). By query instruction after address bar. I don't know this instruction but ever seen it. it long instruction. My friend can do it but he don't tell me?

If someone has known this problem please explanation more detail, How to do, and how to prevent, especially how to prevent user type command or vairable after url of website
----------------------------------------

http://www.sitepointforum.com/showth...threadid=31922

If think if hacker know my file and directory he can access my server.

[freddydoesphp]

So use POST methods and access variables as $HTTP_POST_VARS[name] only, don't access them as $name. I read your post, still I ask myself, if you believe that someone can access any file on your server, then why do you use IIS?

To answer your questions, I assume you check for some variable $auth and $name. Right? Well don't access them that way access them as $HTTP_POST_VARS[auth] and $HTTP_POST_VARS[name] and use POST method. So now unless they are simulating a POST to your site and passing those variables you will block out people from putting GET varaibles on the end of the url.

[itsource]

I don't use IIS. but it has problem, I only don't this problem occur with other webserver. But now I'm confuse with $HTTP_POST_VARS[name]

I show you example that whether use Get or Post method user can define variable

PHP Code:

<html><head><title></title></head><body>

<?  if ($yourname=="myname") print "Yes"; ?>

<form method="post" action="<? echo $PHP_SELF; ?>">
<input type="text" name="yourname" value="<? echo $HTTP_POST_VARS['yourname'];   ?>">
<input type="submit">
</form>

</body>
</html>

if I type myname in text box or type http://www.xxxxx.com?yourname=myname, the result is same that print "Yes"

and I don't know what different between

PHP Code:

name="yourname"  value="<? echo $HTTP_POST_VARS['yourname'];   ?>"

and

PHP Code:

name="yourname"  value="<? echo $yourname;   ?>"

because it get same result

[freddydoesphp]

Almost

PHP Code:

<html><head><title></title></head><body>

<?  if ($HTTP_POST_VARS['yourname']=="myname") print "Yes"; ?>

<form method="post" action="<? echo $PHP_SELF; ?>">
<input type="text" name="yourname" value="<? echo $HTTP_POST_VARS['yourname'];   ?>">
<input type="submit">
</form>

</body>
</html>

Now the only time Yes will appear is when user puts myname in the form field and clicks submit.

[seanf]

Did you turn register_globals off? You don't have to but it helps you to see the difference

Sean

[itsource]

Thanks everybody to reply me, it work but if I use post method and HTTP_POST_VARS, all previous value in text box will disappear.

And Is this method protect only assing variable in address bar, because hacker that hack IIS webserver don't assign variable in address bar but as i know he type some command about uni-code or something, I don't know