develop an application which has users and data saved in a database to access the database from the application use php. the issue is that if in a web page you put the place of the page you can access the list of php files How do I avoid it without blocking access from the application
There is a lot you can do...
https://www.php.net/manual/en/security.hiding.php
These best thing to do is to configure your php server (e.g. Apache) correctly
A simple example of an .htaccess file:
# Start the rewrite engine
RewriteEngine On
RewriteBase /
# Disable Indexing
Options -Indexes
# Remove PHP extension
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.+?)/?$ $1.php
# Deny Access to a Database File
<FilesMatch "database\.txt">
Order allow,deny
Deny from all
</FilesMatch>
1 Like