28, May 2012

using full path in code - webmaster forum

 
Webdigity webmaster forums
[ Home | Help | Search | Forum's Shop | Archive | Login | Register | Webmaster Directory ]
Webdigity Webmaster Forums  >  Web Development  >  PhP
Topic: using full path in code		 « previous next »
Pages: [1] Print
Instabuck - The easy way to sell digital products online

Author Topic: using full path in code  (Read 1707 times)
Bill Gates is my home boy
*****
Gender: Female
Posts: 710
4449 credits
Members referred : 2
« on: Jul 25, 2009, 09:38:05 pm »
I'm working on a bit of php code and one of the functions requires use of the full path; i.e. the one that includes /home/account_name/public_html/...

Is using the hosting account name in php code a big security risk? Would I be giving a hacker information that they couldn't easily find elsewhere?
www.yourmessageconsultant.com, providing online content and printed marketing materials.
www.helpforwebbeginners.com, Tutorials and how to's for new  webmasters.
www.CraftyTips.com, a unique Arts & Crafts Directory
www.nocans.com - Pet Food Recipe Site
www.petsiteguides.com - A New Pet Directory

Last blog : Spring Cleaning at Crafty Tips
I am a metal monkey!
Administrator
Community Supporter ?
Jedai Sword Master
*****
Gender: Male
Posts: 5799
46391 credits
Members referred : 3
« Reply #1 on: Jul 27, 2009, 11:28:10 am »
No it is not a security risk. If the hacker could execute php code in your account they could use a command like:

echo dirname__FILE__ );
?>

This will expose the directory that the file exists
Trial and Error my two best teachers Cool
Join us @ facebook or twitter

Last blog : Butterfly Marketing 2.0
Bill Gates is my home boy
*****
Gender: Female
Posts: 710
4449 credits
Members referred : 2
« Reply #2 on: Jul 27, 2009, 02:59:49 pm »
So, if I'm understanding you correctly; the account name is something a hacker could find on their own anyway?

My concern is that I'm just not making it easier for someone to try to log in to my account by providing them with the user name and making it a matter of guessing the password.
www.yourmessageconsultant.com, providing online content and printed marketing materials.
www.helpforwebbeginners.com, Tutorials and how to's for new  webmasters.
www.CraftyTips.com, a unique Arts & Crafts Directory
www.nocans.com - Pet Food Recipe Site
www.petsiteguides.com - A New Pet Directory

Last blog : Spring Cleaning at Crafty Tips
I am a metal monkey!
Administrator
Community Supporter ?
Jedai Sword Master
*****
Gender: Male
Posts: 5799
46391 credits
Members referred : 3
« Reply #3 on: Jul 28, 2009, 12:21:41 am »
Yeah knowing the directory is the most simple thing. In fact this is someting that in most cases you can guess as cpanel (or any other common hosting control panel software) has a standard way to create directories.
Trial and Error my two best teachers Cool
Join us @ facebook or twitter

Last blog : Butterfly Marketing 2.0
Bill Gates is my home boy
*****
Gender: Female
Posts: 710
4449 credits
Members referred : 2
« Reply #4 on: Jul 28, 2009, 02:39:58 am »
Thank you Nikolas.
www.yourmessageconsultant.com, providing online content and printed marketing materials.
www.helpforwebbeginners.com, Tutorials and how to's for new  webmasters.
www.CraftyTips.com, a unique Arts & Crafts Directory
www.nocans.com - Pet Food Recipe Site
www.petsiteguides.com - A New Pet Directory

Last blog : Spring Cleaning at Crafty Tips
Sandwich Artist
*
Posts: 25
150 credits
Members referred : 0
« Reply #5 on: Dec 08, 2010, 11:06:18 pm »
Thanks for this cod.
Where are my glasses?
*
Posts: 21
134 credits
Members referred : 0
« Reply #6 on: Mar 25, 2011, 11:27:31 pm »
nice tip thanks
I wish I was an Oscar winner
**
Posts: 92
576 credits
Members referred : 0
« Reply #7 on: Apr 14, 2011, 06:24:51 pm »
Yeah don't use it or use it .
Trackback URI for this entry : http://www.webdigity.com/trackback.php?topic=8978
Tags : php security Bookmark this thread : Digg Del.icio.us Dzone more....

Pages: [1] Print 
Webdigity Webmaster Forums  >  Web Development  >  PhP
Topic: using full path in code		 « previous next »
Jump to:
User Area
Welcome, Guest. Please login or register.
Did you miss your activation email?
May 28, 2012, 11:09:08 pm





Login with username, password and session length

Donate to our community, and get a permanent link back to your site!

Donate to our community, and get a permanent link back to your site!


Forum Statistics
Total Posts: 62.885
Total Topics: 11.040
Total Members: 21.469
Tutorials : 58
Resources : 929
Designs : 395
Latest Member: onlinecollegesunivinfo

115 Guests, 1 User online :

41 users online today:

Recent topics
Re: Email Forwarding Servic...
EssayPartner ? converting E...
New Webmaster Forum
Re: BIOS Settings
Any one Played The Movies?...
What is BSOD?
Re: [Website] Posturepedic ...
Re: Is the Website Review S...

HumanWorks Network
Technology news
Webmaster articles
Sublime web directory
RSS Feed directory and viewer


Web Design Gallery · Whois Lookup · Pagerank · Tag Browsing · Lo-fi version · Syndication · Webmaster forum history · Advertise
Developed by HumanWorks © 2005 - 2012 Webdigity webmaster community · sublime directory
Webdigity Webmaster Forums | Powered by SMF 1.0.12. © 2001-2005, Lewis Media. All Rights Reserved.