I’m a self-taught coder and am getting into php, so please excuse me if this is a basic issue/question.
I’ve been putting together small sites using php and using php file extensions, i.e. index.php. But I’ve recently been told that ‘php’ in the page address is not good for security.
Can someone please briefly explain why this might be the case and what I should be doing?
MTIA.
It’s not really important, it just tells someone browsing the site that your app is written in PHP and that helps an attacker because they then have an idea of what to attack.
If you want to conceal it, you can use mod_rewrite to rewrite requests that don’t have a .php extension to the target PHP script. If you’re going to do this, you should also turn off expose_php in the php.ini.
Note that this doesn’t really make your app more secure, it just makes it that little bit harder for an attacker to figure things out.
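
The setup described in the answer above, as an added example that is not part of the original post: an .htaccess for Apache with mod_rewrite enabled, assumed to sit in the site's document root next to the PHP scripts. The php.ini setting is shown as a comment because it lives in a different file.

```apache
# Constructed example; assumes this .htaccess is in the document root
# and that AllowOverride permits mod_rewrite directives here.
RewriteEngine On

# 1. If a browser asks for /page.php directly, redirect it to /page so
#    the extension does not show up in links or the address bar.
#    THE_REQUEST is the raw request line sent by the client, so the
#    internal rewrite in step 2 cannot trigger this rule again.
#    Limited to GET so form posts to old .php URLs are not dropped.
RewriteCond %{REQUEST_METHOD} =GET
RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC]
RewriteRule ^ /%1 [R=301,L]

# 2. Internally map /page (or /page/) to page.php, but only when that
#    script really exists and the request is not an existing directory.
#    Testing DOCUMENT_ROOT/$1.php instead of REQUEST_FILENAME.php avoids
#    a rewrite loop on URLs such as /page/extra.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule ^(.+?)/?$ $1.php [L]

# 3. In php.ini (this directive cannot be set from .htaccess):
#      expose_php = Off
#    This stops PHP from adding the "X-Powered-By: PHP/<version>"
#    response header, which would otherwise reveal what the rewrite hides.
```

After reloading, `curl -I` against a page on the site should show no `.php` in the final URL and no `X-Powered-By` header.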