Kurinchi Blogger Scribbles ... » php.ini setting http://kurinchilamp.kurinchilion.com On Open Source Technologies Mon, 02 Jan 2012 06:14:45 +0000 en hourly 1 http://wordpress.org/?v=3.3 PHP Security: Hiding Program Extensions http://kurinchilamp.kurinchilion.com/2009/05/php-security-hiding-program-extensions.html http://kurinchilamp.kurinchilion.com/2009/05/php-security-hiding-program-extensions.html#comments Thu, 14 May 2009 10:59:54 +0000 kurinchilamp http://kurinchilamp.kurinchilion.com/?p=323 Obfuscating Scripting Language Extension in PHP is one of the technique that is effective to a certain extent in delaying the unscrupulous act of an active hacker. Following are few simple techniques used for hiding the program extensions.

i) Hiding program extension using .htaccess
ii) Hiding program extension using php.ini
iii) Hiding program extension using apache directive configuration

Hiding the program extension using .htaccess 

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.do

Hiding the program extension using php.ini
Set expose_php = off in your php.ini file to hide php extensions and programmatically drive the navigation through your programs.

Hiding the program extension through Apache configuration
<Files index>ForceType application/x-httpd-php </Files>

To make PHP extension look like other program coding, you can add a setting to Apache’s httpd.conf file like …
AddType application/x-httpd-php .asp .aspx .pl .jsp

Depending on the facilities available in your environment, you can choose one of the technique mentioned here. PHP Framework Codeigniter relies on .htaccess to implement program obscurity and CakePHP has its routing algorithm to achieve this purpose.

]]> http://kurinchilamp.kurinchilion.com/2009/05/php-security-hiding-program-extensions.html/feed 0