I’m a total newb to security, so I have a really simple question:
Is it a security hazard to include the full path to my user directory in an open-source script?
I mean like include '/home/myusername/script.php'
Thanks!
Not totally a security hazard, as your username is not necessarily expected to be a secret. But if you want it to work for lots of people and avoid this problem at the same time, use the $HOME env var instead.
EDIT: Whoops, sorry assumed this was a bash script. Don’t know if you can access env vars from PHP and whether your ‘import’ paths can use them, so you can ignore that second part, but the first part is still valid.
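An added example, not part of the answer above: one way to avoid publishing a hard-coded `/home/myusername/` path in PHP is to build the include path at run time from the `HOME` environment variable (read with PHP's `getenv()`), falling back to the script's own directory via `__DIR__`. The function name `resolve_user_script` is hypothetical, and `script.php` is the file name from the question.

```php
<?php
// Added example: resolve a per-user include path at run time so the
// published source never contains a literal /home/<username>/ prefix.

function resolve_user_script(string $relative): string
{
    // Only accept a plain relative path: no leading slash, no ".." segments.
    if ($relative === '' || $relative[0] === '/'
        || in_array('..', explode('/', $relative), true)) {
        throw new InvalidArgumentException("unsafe relative path: $relative");
    }

    // Candidate base directories, most specific first.
    $bases = [];
    $home = getenv('HOME');   // false when unset, e.g. under some web servers
    if (is_string($home) && $home !== '') {
        $bases[] = $home;
    }
    $bases[] = __DIR__;       // directory containing this file

    foreach ($bases as $base) {
        $realBase = realpath($base);
        $path = realpath($base . '/' . $relative);
        if ($realBase === false || $path === false) {
            continue;         // base or target does not exist
        }
        // After symlink resolution the target must still sit under the base.
        $prefix = rtrim($realBase, '/') . '/';
        if (strncmp($path, $prefix, strlen($prefix)) === 0 && is_file($path)) {
            return $path;
        }
    }
    throw new RuntimeException("script not found: $relative");
}

try {
    include resolve_user_script('script.php');
} catch (RuntimeException $e) {
    // Log the failure; the message holds only the relative name,
    // not the resolved absolute path.
    error_log($e->getMessage());
}
```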