Portal Home > Knowledgebase > Articles Database > Which is more secure, PHP login or cPanel secure directories
Which is more secure, PHP login or cPanel secure directories
Posted by robinson, 08-24-2009, 05:50 PM |
As the title states which is more secure, a PHP login or the cPanel secure directory option (the PHP login username and pass being stored within a mySql DB)
I would like to password protect a folder.
Which would you recommend?
|
Posted by robotwink, 08-24-2009, 05:59 PM |
You can use both at the same time but if you let me choose one I go for cPanel protection since your code may contain SQL injection, etc. Plus, if you're on a shared hosting server, your config file containing MySQL login details is easily accessible by other users in most cases.
|
Posted by larwilliams, 08-24-2009, 06:03 PM |
All he would have to do is sanitize the variables he is using (the mysql_real_escape_string() function helps with that).
As for other users being able to see his MySQL login details if they are stored in a file, this is a non-issue nowadays with most shared hosts running SuEXEC and SuPHP.
|
Posted by robotwink, 08-24-2009, 06:10 PM |
Do you guarantee me he will do it right?
Script kiddies "nowadays" use cgitelnet and similar stuff if PHP is secured a little bit and then creating a symlink to the file in question. That's just one easy and effective way.
|
Posted by larwilliams, 08-24-2009, 06:26 PM |
SuEXEC runs CGI's as the user specified in the VirtualHost. If Shell Access is disabled for them, stuff like CGI Telnet should not work.
|
Add to Favourites Print this Article
Also Read
Darn DNS (Views: 652)