- Thoughts about the Facebook code leak
Author’s note
This post was recovered from my old blog via the Wayback Machine. It has been edited for grammar.
@jbnunn
25-Sept 2022
Thoughts about the Facebook code leak - Oct 26 2007
On the 10th or 11th of August, a portion of Facebook’s PHP code was accidentally leaked. Facebook made a comment on a blog reporting the story that pointed to a problem with mod_php displaying their index page as plain-text.
Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
As a developer, I have two equal but opposite thoughts about this:
- I would hate for my code to leak and give away any hints as to the security or well-being of my sites. But…
- Since I develop alone, it’s always great for me to see how other developers go about writing code and developing their sites.
I have seen the code, and there’s nothing earth-shattering in there that should give the guys at Facebook much to worry about. They may have to change some directory structures, but the code uses so many includes and external functions that it’ll be very difficult for anyone to do anything too nefarious with it. Since I wouldn’t want people passing my code around, I’m not linking directly to it here. You can find it pretty easily without my help anyway.
Nik Cubrilovic has some good methods on trying to fix these kind of leaks, and I’ll be implementing them ASAP on my servers.
- @jbnunn