Is it possible for someone to ‘hack’ an Apache server and read PHP files? I understand that PHP is a server-side language and cannot be read from anywhere other than the server, but could someone hack the server and read them as if reading a text file?
Well yes, if they ever actually hack into the server (SSH, FTP etc.), they may have access to files on the hard disk. A properly configured Apache server will not serve raw PHP files though, it should always process them with the PHP interpreter first.
To avoid problems with misconfigured Apache servers though (even just temporary glitches), it’s advisable to keep the application files outside the public webroot. Put only a small bootstrap PHP file into the webroot which may be exposed in a pinch, but which just includes other PHP files which are not publicly accessible.
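
One way to check a deployment against this advice, as an added example that is not part of the original answer: the script walks the webroot and reports any file containing PHP source other than the bootstrap, plus any bootstrap line that is not an include/require. The directory names (`app/`, `public/`), the function names and the sample files are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# The only statements the bootstrap should contain: include/require of another file.
INCLUDE_RE = re.compile(r"^\s*(require|include)(_once)?\b.*;\s*$")

def audit_webroot(webroot, bootstrap="index.php"):
    """Return findings: files under webroot that would leak PHP source if served raw."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot)
            with open(path, "r", errors="replace") as fh:
                text = fh.read()
            if "<?php" not in text:
                continue  # static asset, no PHP source to leak
            if rel != bootstrap:
                # Matches by content, so backup copies (.bak, ~) are caught too.
                findings.append((rel, "PHP source inside the webroot"))
                continue
            for line in text.splitlines():
                stripped = line.strip()
                if stripped in ("", "<?php", "?>") or stripped.startswith(("//", "#")):
                    continue
                if not INCLUDE_RE.match(line):
                    findings.append((rel, "bootstrap contains logic: " + stripped))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample deployment: app/ is private, public/ is the webroot."""
    files = {
        "app/config.php": "<?php\n$db_password = 'example-only';\n",
        "public/index.php": "<?php\nrequire __DIR__ . '/../app/config.php';\n",
        "public/style.css": "body { margin: 0; }\n",
        "public/admin/report.php": "<?php\necho 'report';\n",
        "public/index.php.bak": "<?php\n$db_password = 'example-only';\n",
    }
    for rel, body in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(base, "public")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, why in audit_webroot(build_sample_tree(tmp)):
            print(f"{rel}: {why}")
```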