Ide.php is a powerful tool that gives the user the ability to execute
arbitrary server-side code on the web server where it resides. For this reason,
it is also a very dangerous tool if it is not set up securely.
The secure way to set up Ide.php is to ensure that
no one else has access to it. This can be done in two ways:
- Use a personal web server. This is the preferred alternative.
Get Apache & PHP and install them on your computer. If that's not possible,
consider using VMware to set up a second operating system on your computer,
in which you can run Apache & PHP.
- Use password protection. If you have to put Ide.php on a public web server,
you should put it in a password-protected area. Since password protection often uses
HTTP Authentication, this could cause a problem if you're
using Ide.php to write and test code that sends its own HTTP Authentication headers.
Depending on the amount of feedback received,
I'm considering integrating
a cookie-based authentication scheme into Ide.php, which would allow for easy and secure setup,
while eliminating potential conflicts with HTTP Authentication headers.
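
The two setups above, sketched as Apache 2.4 configuration. This is an added example, not part of the Ide.php distribution. The port, directory path, password file location and user name are assumptions, and the second option assumes mod_ssl is loaded.

```apache
# --- Option 1: personal web server (preferred) ---------------------------
# Bind Apache to the loopback address only, so that nothing outside this
# machine can connect to the server that hosts Ide.php.
# (Port 8080 is an assumption; any free port works.)
Listen 127.0.0.1:8080

# --- Option 2: public web server with password protection ----------------
# Use this instead of Option 1, not together with it.
# Keep Ide.php in a directory of its own (hypothetical path) and require a
# login for every file in that directory.
<Directory "/var/www/html/private-ide">
    AuthType Basic
    AuthName "Ide.php"

    # Store the password file outside the document root so it can never be
    # served as a page. Create it with (user name is an assumption):
    #   htpasswd -c /etc/apache2/ide.htpasswd yourname
    AuthUserFile "/etc/apache2/ide.htpasswd"
    Require valid-user

    # Basic authentication sends the password with every request, so
    # refuse any request that does not arrive over TLS.
    SSLRequireSSL

    # Do not list the directory contents, and do not let a stray
    # .htaccess file weaken the settings above.
    Options -Indexes
    AllowOverride None
</Directory>
```

Run `apachectl configtest` after editing, then request Ide.php without credentials and confirm the server answers 401 rather than serving the page.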