YMC
Sat 25 July 2009, 09:38 pm GMT +0200
I'm working on a bit of php code and one of the functions requires use of the full path; i.e. the one that includes /home/account_name/public_html/...
Is using the hosting account name in php code a big security risk? Would I be giving a hacker information that they couldn't easily find elsewhere?
Nikolas
Mon 27 July 2009, 11:28 am GMT +0200
No it is not a security risk. If the hacker could execute php code in your account they could use a command like:
echo dirname( __FILE__ );
?>
This will expose the directory that the file exists
YMC
Mon 27 July 2009, 02:59 pm GMT +0200
So, if I'm understanding you correctly; the account name is something a hacker could find on their own anyway?
My concern is that I'm just not making it easier for someone to try to log in to my account by providing them with the user name and making it a matter of guessing the password.
Nikolas
Tue 28 July 2009, 12:21 am GMT +0200
Yeah knowing the directory is the most simple thing. In fact this is someting that in most cases you can guess as cpanel (or any other common hosting control panel software) has a standard way to create directories.
YMC
Tue 28 July 2009, 02:39 am GMT +0200
Thank you Nikolas.
charls.adam
Wed 8 December 2010, 11:06 pm GMT +0100
Thanks for this cod.
safeguardclothing
Fri 25 March 2011, 11:27 pm GMT +0100
nice tip thanks
healthtourism
Thu 14 April 2011, 06:24 pm GMT +0200
Yeah don't use it or use it .