say if a user knows the path of a php file can the user download the file ? Are there any steps to take to prevent it from happening ?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
say if a user knows the path of a php file can the user download the file ? Are there any steps to take to prevent it from happening ?
As long as your webserver if configured to interpret PHP files, those will be interpreted — which means their output, and not their raw content, will be sent to the users.
Of course, if you have a script that takes a file path as a parameter, and displays the content of that file… you’ll have to make sure that script is secured, to not display the content of PHP files 😉