Which is more secure, PHP login or cPanel secure directories

Portal Home > Knowledgebase > Articles Database > Which is more secure, PHP login or cPanel secure directories

Posted by robinson, 08-24-2009, 05:50 PM
As the title states which is more secure, a PHP login or the cPanel secure directory option (the PHP login username and pass being stored within a mySql DB) I would like to password protect a folder. Which would you recommend?
Posted by robotwink, 08-24-2009, 05:59 PM
You can use both at the same time but if you let me choose one I go for cPanel protection since your code may contain SQL injection, etc. Plus, if you're on a shared hosting server, your config file containing MySQL login details is easily accessible by other users in most cases.
Posted by larwilliams, 08-24-2009, 06:03 PM
All he would have to do is sanitize the variables he is using (the mysql_real_escape_string() function helps with that). As for other users being able to see his MySQL login details if they are stored in a file, this is a non-issue nowadays with most shared hosts running SuEXEC and SuPHP.
Posted by robotwink, 08-24-2009, 06:10 PM
Do you guarantee me he will do it right? Script kiddies "nowadays" use cgitelnet and similar stuff if PHP is secured a little bit and then creating a symlink to the file in question. That's just one easy and effective way.
Posted by larwilliams, 08-24-2009, 06:26 PM
SuEXEC runs CGI's as the user specified in the VirtualHost. If Shell Access is disabled for them, stuff like CGI Telnet should not work.