Security issues with AddType application/x-httpd-php .html

Forum Moderators: coopster

Message Too Old, No Replies

Security issues with AddType application/x-httpd-php .html

What are the security issues related with parsing PHP into HTML?

ehm01

10:40 pm on Sep 25, 2008 (gmt 0)

My IT people do not allow me to use

AddType application/x-httpd-php .html

on the apache config files because security issues.
Accord to them, if I make a mistake on the sript, it will display on the client's browser, and it will show my data structure and info the client. Since we have some scripts that access our database, it will be a company risk.

I would like to ear from people here who know about it what are the real concerns and risk one will take if they use that addtype for parsing PHP into .html files.

Thank you

eelixduppy

10:44 pm on Sep 25, 2008 (gmt 0)

The only security issue is that if this code isn't correct then the PHP source files that you have saved with a .HTML extension will be shown as text and not parsed as PHP, therefore exposing your source code. If you add this line and it works, then you should have nothing to worry about other than the fact that all your HTML files will be parsed for PHP before output the the browser.

venelin13

11:59 am on Sep 28, 2008 (gmt 0)

It is better to use mod_rewrite. inside an .htaccess file:

RewriteEngine On
RewriteRule ^(.*).html $1.php [L]

You will save all your files with php extension, but you will create all the links with html extension. For example, you will have "contacts.php" file, but the link to this file will be "contacts.html"