Can a Client View Server-Side PHP Source Code

Can a client view server-side PHP source code?

No, unless:

  • There is a server misconfiguration
  • There is a bad echo/include somewhere

Can website visitors see server-side source code?

If I understand your question correctly, no one should be able to access your source code so long as they don't have access to the server. When a browser makes a request for a .php file to the server, the server knows that it must first interpret the script and then send the output from your echo statements and/or inline HTML. As far as I know, there's no way for the user to "trick" the server into sending it as plain text, so I wouldn't worry about that. Also, as long as you disable error reporting, no one should even know you're running PHP, as there's no ".php" in the URL. Hope this helps :)

Can a client view the source code of a server-side python application

When an application runs on the server, the client can only see the data provided by the server. So, if the server does not specifically share the source code with the client, the client won't be able to read it.

If you distribute an interpreted application to anyone then you are giving the source code to them and they can read it. This applies to Python, Perl, Ruby, and many other languages. Binaries from compiled languages, like C, C++, Java, are shared as binaries. Instead of being human-readable content (source code) you share machine-readable compiled content. Now, since it's machine readable, there are things called "decompilers" that will turn binaries into text, and even that will turn it into highly useful and highly readable text - readable source code. This is even easier if debug is enabled when the compiler creates the binary.

Can anyone get access to my PHP source code?

With a correctly configured web server, the PHP code isn't visible to your website visitors. For the PHP code to be accessible by people who visit your website, the server would have to be configured to display it as text instead of processing it as PHP code.

So, in other words, if you visit your website and you see an HTML page and not PHP code, your server is working correctly and no one can get to the PHP code.
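A check for the condition this answer describes (PHP sent as text instead of being executed), together with the error-message and header disclosures mentioned earlier on the page. This is an added example, not part of the original answers; the function name, finding codes and sample responses are constructed for illustration.

```python
import re

# Raw PHP open tags only reach the client when the file was not executed.
SOURCE_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# PHP's default error format, with or without html_errors markup.
PHP_ERROR = re.compile(
    r"(?:Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s.*?"
    r"\bin\s+(?:<b>)?\S+\.php(?:</b>)?\s+on line",
    re.IGNORECASE,
)
# MIME types a server may attach to .php files it serves without executing.
UNEXECUTED_TYPES = {"application/x-httpd-php",
                    "application/x-httpd-php-source", "text/x-php"}


def audit_response(headers, body):
    """Return finding codes for one HTTP response (headers dict, body str)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype in UNEXECUTED_TYPES:
        findings.append("php-mime-type")      # handler mapping is missing
    if SOURCE_TAG.search(body):
        findings.append("raw-php-tag")        # source reached the client
    if PHP_ERROR.search(body):
        findings.append("php-error-message")  # display_errors is on
    if "php" in h.get("x-powered-by", "").lower():
        findings.append("x-powered-by-php")   # expose_php is on
    return findings


# Constructed sample responses (not captured from any real site).
HEALTHY = ({"Content-Type": "text/html; charset=UTF-8"},
           "<html><body><h1>Hello</h1></body></html>")
LEAKED = ({"Content-Type": "application/x-httpd-php"},
          "<?php\n$db_password = 'constructed';\necho 'Hello';\n")
NOISY = ({"Content-Type": "text/html", "X-Powered-By": "PHP/8.2.0"},
         "<b>Warning</b>:  Undefined variable $x in "
         "<b>/var/www/html/index.php</b> on line <b>3</b><br />")

if __name__ == "__main__":
    for name, (hdrs, text) in [("healthy", HEALTHY), ("leaked", LEAKED),
                               ("noisy", NOISY)]:
        print(name, audit_response(hdrs, text))
```

Run it against responses fetched from your own site after any web server or PHP handler change; an empty list means none of these four signals was present.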

How can I view PHP source code on a live site?

No, as it is interpreted on the server-side and the results are sent to the user. If you want to view the source code of a site you control in-browser, consider the FirePHP extension for Firebug, or just access your site files with your preferred method.

Can you see PHP scripts client side?

Nobody can see your code because Apache (or whatever web server you use) is instructed to EXECUTE any .php files rather than simply serve (display) them as it does by default (with .html, .css, .js, etc).

I think what you may have heard of is a general security concern using PHP in general - If you are using a shared host (where other users also use the same server as you) they will generally be able to view your code programmatically, that is to say they can write a PHP script which lists your PHP scripts -- this does require that they know the physical directory your scripts are stored in, but again they could write a PHP script to try and discover this.

Generally speaking this isn't an issue, but if I'm doing anything of a sensitive nature (such as taking card payments) I always ensure I'm working in an environment only I have programmatic access to (i.e. a virtual server or a dedicated server -- by virtual server I mean a virtual machine to which I have dedicated exclusive access, do not confuse this with "Virtual Hosts" which are shared servers).

Can clients see server-side source code? (ASP.NET)

I've never used ASP.NET before, but I assume it's the same as PHP or Perl. The client only sees what the server is sending to him (like any other network application).

The normal order of execution should be:
A client sends a request to a specific resource. Your server interprets this request and opens the required files for processing. Then a parser goes through your source files and executes your code.

The only way of source code being sent to the client is a typo where you miss the " at the end of your strings.


