[nycphp-talk] Php off root

Michele Waldman mmwaldman at
Mon Jan 26 09:45:57 EST 2009



I posted a while back about PHP dumping to the screen for God knows what
reason, the sys admin or something.

Anyway, I picked up Chris Shiflett's book "Essential Handbook on PHP
Security".  Nestled in the 100-page book was don't keep PHP in webroot.

I can't remember the reason for that statement, but that cleared up my
concern for code dumping to the screen for God knows what reason.

It also cleared up my concerns about keeping passwords in PHP.

Now, a lot of people attacked me for my ignorance, but I'm new to web
development.  I've had my company for just one year now and I haven't been
taking clients for even one year.  My total experience has been about 2 years
part-time.  I was a C programmer for 7 years and have a Computer Science
degree from UC-Berkeley.  I'm no hack.  I'm just a newbie in the web arena.
But, don't go to sleep on me.  I'm a quick study.  Plus, I work at home.
I'd be in a vacuum if it wasn't for the web and these mailing lists.

So, anyway, for anyone that I caused concern for, the solution for me is to
keep code off webroot and in webroot just include those files.  Worries over.
Bad sys admin or no.

Someone could have told me that or directed me to a good book, rather than
getting flustered with me.

Frustrated, I went to Barnes and Noble.  When the gal typed in PHP and
security she found Chris's book and another book that's supposed to be
released this month.

For a new programmer, Chris's book is chock-full of good info.  Straight
to the code.  No fluff.
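
An added example, not part of the original post or of the book it mentions: a PHP command-line check that every `.php` file left in the webroot is only a stub of `include`/`require` statements, so that if the server ever serves PHP source as text, no logic or passwords are in what it serves. The directory names and the `isThinStub` and `auditWebroot` helpers are hypothetical.

```php
<?php
// Added example. Assumed layout (hypothetical paths):
//   /srv/app/public/index.php   webroot stub: require __DIR__ . '/../src/bootstrap.php';
//   /srv/app/src/, /srv/app/config/   code and credentials, outside the webroot

/** True if $source contains nothing but include/require statements. */
function isThinStub(string $source): bool
{
    $skip = [T_OPEN_TAG, T_CLOSE_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $includes = [T_REQUIRE, T_REQUIRE_ONCE, T_INCLUDE, T_INCLUDE_ONCE];
    $pathParts = [T_CONSTANT_ENCAPSED_STRING, T_DIR, '.', '(', ')'];
    $sawInclude = $inStatement = false;
    foreach (token_get_all($source) as $tok) {
        $id = is_array($tok) ? $tok[0] : $tok;   // array token or bare character
        if (in_array($id, $skip, true)) continue;
        if (!$inStatement) {
            if (!in_array($id, $includes, true)) return false; // other code or inline HTML
            $sawInclude = $inStatement = true;
        } elseif ($id === ';') {
            $inStatement = false;
        } elseif (!in_array($id, $pathParts, true)) {
            return false;                        // variables, calls, etc. in the path
        }
    }
    return $sawInclude;
}

/** Paths of .php files under $webroot that hold more than includes. */
function auditWebroot(string $webroot): array
{
    $findings = [];
    $dir = new RecursiveDirectoryIterator($webroot, FilesystemIterator::SKIP_DOTS);
    foreach (new RecursiveIteratorIterator($dir) as $file) {
        if (strtolower($file->getExtension()) === 'php'
            && !isThinStub(file_get_contents($file->getPathname()))) {
            $findings[] = $file->getPathname();
        }
    }
    return $findings;
}

// Constructed demo: a throwaway webroot with one stub and one credential file.
$root = sys_get_temp_dir() . '/webroot_demo_' . getmypid();
mkdir($root);
file_put_contents("$root/index.php", "<?php require __DIR__ . '/../src/bootstrap.php';\n");
file_put_contents("$root/db.php", "<?php \$dbPassword = 'constructed-sample';\n");
print_r(auditWebroot($root));
array_map('unlink', glob("$root/*.php"));
rmdir($root);
```

The check is deliberately conservative: anything other than a literal path built from strings and `__DIR__` is reported, so a stub that computes its include path from a variable is flagged for manual review.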


