Created March 21, 2011 19:08
An example to demonstrate why you should never store passwords in web-accessible PHP files.
```php
<?php
# Located one level below the DocumentRoot (its parent directory, outside the web-accessible tree)
$secure_password = "i_am_so_smrt";
?>
```
```php
<?php # Located just inside the DocumentRoot ?>
<p>
  Bad idea:
  <?php $insecure_password = "steal_my_stuff"; ?>
  <?php echo $insecure_password; ?>
</p>
<p>
  Good idea:
  <?php include '../config.php'; ?>
  <?php echo $secure_password; ?>
</p>
```
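A defender-side check for the rule above, as an added example that is not part of the original gist: it walks a DocumentRoot and reports PHP-like files that assign a string literal to a credential-looking variable. The regex heuristic, the extension list and the `public/` directory name are assumptions, and the sample tree is constructed from the two files above.

```python
import os
import re
import tempfile

# Assumed heuristic: credential-looking PHP variable assigned a quoted string literal.
SECRET_ASSIGN = re.compile(
    r"""\$(\w*(?:pass(?:word|wd)?|secret|api_?key|token)\w*)\s*=\s*(['"])(?:(?!\2).)+\2""",
    re.IGNORECASE,
)
# Assumed extension list; .inc and .bak copies usually bypass the PHP handler entirely.
PHP_LIKE = (".php", ".inc", ".phtml", ".bak")


def find_exposed_secrets(docroot):
    """Return sorted (relative_path, line_number, variable); secret values are never returned."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(PHP_LIKE):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, start=1):
                    for match in SECRET_ASSIGN.finditer(line):
                        findings.append((rel, lineno, "$" + match.group(1)))
    return sorted(findings)


def build_sample_site(base):
    """Constructed layout mirroring the two files above; returns the DocumentRoot path."""
    docroot = os.path.join(base, "public")
    os.makedirs(docroot)
    with open(os.path.join(base, "config.php"), "w", encoding="utf-8") as fh:
        fh.write('<?php $secure_password = "i_am_so_smrt"; ?>\n')
    with open(os.path.join(docroot, "index.php"), "w", encoding="utf-8") as fh:
        fh.write('<p>\n<?php $insecure_password = "steal_my_stuff"; ?>\n'
                 "<?php include '../config.php'; ?>\n</p>\n")
    return docroot


def audit_sample():
    with tempfile.TemporaryDirectory() as base:
        return find_exposed_secrets(build_sample_site(base))


if __name__ == "__main__":
    for rel, lineno, var in audit_sample():
        print(f"{rel}:{lineno}: hardcoded credential in {var}")
```

Only the file inside the DocumentRoot is reported; `config.php` holds a matching assignment too, but it sits outside the tree being walked.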