1
Use a free provider (Hostinger) to remotely test some scripts PHP mine. Some of them use set-cookie to record cookies in the folder in which they are located. The problem is that currently the folder can be fully accessed externally, which allows access to the código fonte of scripts. How to ensure that the scripts function (including having permission to record cookies) and keep them protected from access to fonte?
I’ve read some suggestions here at Stackoverflow about editing .htpaccess, but could not find specific settings for my case. Protect without preventing access to scripts and the recording of cookies.
EDITED::::::::::
I combined two possibilities: obfuscate the php script using a key encryption with http://dragonfly.pro3sis.com/ and add . htaccess, following this orientation: /questions/123803/block_directlisting%C3%B3rio-no-apache
I believe that the PHP code interpreter will not let you display the source code of the script but only the output content it generates.
– Carlos Andrade
@carlos-Andrade, what happens is the following: if available
http://exemplo.com/script/script.php?id=1... when someone types in the browserhttp:/exemplo.com/script/has access to the archivephpscripted.– Antonio Oliveira
Yes Antonio, I understand your position. However, even if someone types this address in the browser or even downloads the script, they will only have access to the output content interpreted by PHP and not the pure source code, that is, the content of the file displayed to it will only be the HTML that PHP generated from the script. Save in cases where PHP is not running on the Server.
– Carlos Andrade
For example: If the content of the script is the following:
<?php echo 'Hello World!'; ?>, what the user will see when entering the address of the page in the browser or downloading the file, will be only: "Hello Word!"– Carlos Andrade