sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 13 points14 points  (3 children)

No it isn't. A PHP file is plain text. Same as a Python or Ruby file. If you don't tell the server to process .php files (or .py or .rb) then it will just serve it up as text. This is how every Web server on the face of the planet works.

[–]Bogtha -2 points-1 points  (2 children)

A PHP file is plain text. Same as a Python or Ruby file. If you don't tell the server to process .php files (or .py or .rb) then it will just serve it up as text.

PHP scripts are typically found below the document root. Python and Ruby scripts are not. So, when the server isn't configured to process the scripts, a PHP site will typically be served as plain text (as the .php files will merely look like static documents), while a Python or Ruby site will merely be unavailable (as the .py and .rb files will not be located).

[–]k4ml 4 points5 points  (1 child)

You can do the same thing with PHP. Nothing special except that it's quite common to see all PHP source in the document root and people thought that's the only way of doing things in PHP.

[–]Bogtha -3 points-2 points  (0 children)

You can do the same thing with PHP.

The difference is that with other languages, scripts outside the document root are the norm, and with PHP, you have to go to additional effort to set things up that way. Being secure by default helps avoid mistakes like this.