Read this -- it got me well and truely pointed in the right direction
http://zend.com/zend/trick/tricks-august-2001.php
Justin
On Friday, July 18, 2003, at 01:36 AM, Juan Nin wrote:
I need to do the same and a .htacces file would not suite the problem
I need to do as yahoogroups does
When you
Maria Garcia Suarez <[EMAIL PROTECTED]> wrote:
> Hi there!
>
> I'm developing an application to which you can upload
> files. Right now the destination folder of those files
> is at /public_html/files which makes them visible from
> the internet.
>
> I thought of putting that ./files/ folder outs
I need to do the same and a .htacces file would not suite the problem
I need to do as yahoogroups does
When you upload a file to the Files section, it send by default an e-mail to
the group members with a link to the file
When you click on the link, you're sent to a login page, and after login in
Petre Agenbag wrote:
If you place files inside a webfolder, then they are publicly
accessible, period.
Not true. .htaccess turns a "public" directory into a "private"
directory. Even if you know the path and filename you want, without an
accepted username/password, you're not getting the file.
If you place files inside a webfolder, then they are publicly
accessible, period.
They might not be obvious, ie. you would have to guess that there are
files in a specific folder AND know the exact name of the file, but if
you do happen to guess correct, then the files are downloadable.
There are
IL PROTECTED]>
Sent: Thursday, July 17, 2003 2:58 PM
Subject: [PHP] Protecting files with PHP
> Hi there!
>
> I'm developing an application to which you can upload
> files. Right now the destination folder of those files
> is at /public_html/files which makes them vis
Hi there!
I'm developing an application to which you can upload
files. Right now the destination folder of those files
is at /public_html/files which makes them visible from
the internet.
I thought of putting that ./files/ folder outside the
./public_html/ folder and make those files be only
acce
Hi all,
since this has been asked a lot the last weeks I've published a nice little
script for a generic login system using the HTTP authentication method via
the "401 Unauthorized" header.
It is available at http://www.vogelsinger.at/protected.html.
Its main features are:
- Protects directorie
If the script is readable by the web server (which it must be in order
to be parsed) and the web server only runs as one user (which it usually
does) then your scripts will be readable by other users on the same
server and anyone with command line or telnet/ssh access will have at
least read-only s
I wonder though, if they're on a the same server but different sites. Like a
shared host environment. Aw the things the bewilder the mind.
Nate
"Bryan Lipscy" <[EMAIL PROTECTED]> wrote in message
01c2d710$81a68e20$6301a8c0@ukiuki">news:01c2d710$81a68e20$6301a8c0@ukiuki...
> That is called
That is called Cross-Site Scripting (XSS).
I have not been able to get access to the variables via an XSS exploit.
It appears that Apache renders the php code before sending off the
requesting include function.
I also like the .htaccess way of preventing user access to the scripts.
This is also wo
Just something that crossed my mind a few times. What if another website
includes this file in their own php page. That site can't access those
variables can they? (I'm sure PHP wouldn't allow that but I need to put this
curiousity to rest)
Nate
"Bryan Lipscy" <[EMAIL PROTECTED]> wrote in message
L PROTECTED]>
Sent: Monday, February 17, 2003 5:40 PM
Subject: Re: [PHP] Protecting files
> My preference
>
> 1. if possible, store the files above your public_html directory (doc
> root)... this means they cannot be over http:// by apache, if that isn't
> possible:
>
&g
My preference
1. if possible, store the files above your public_html directory (doc
root)... this means they cannot be over http:// by apache, if that isn't
possible:
2. use .htaccess to either block the entire directory of includes, or all
*.inc files, or whatever you think is best. Personally,
Try putting your files config files in a directory outside of the root
web directory and access the files via the include_path directive in the
php.ini file.
If you dont have access you can add create a .htaccess file or set the
configuration in a php script that is run before your other scripts.
CAPS
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported
>(front page)/used by other applications other than my site...
>can this be done by htaccess? is so , could anyone point me into right
>direction?
I have
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported
>(front page)/used by other applications other than my site...
>can this be done by htaccess? is so , could anyone point me into right
>direction?
I have ren
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported
>(front page)/used by other applications other than my site...
>can this be done by htaccess? is so , could anyone point me into right
>direction?
I have ren
you are
using apache.
See: http://httpd.apache.org/docs/howto/htaccess.html
-Original Message-
From: PR [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 8:18 AM
To:
Subject: [PHP] Protecting files
Hello,
How can I protect my php files among other files like templates
(.inc
On Mon, 17 Feb 2003 15:32:31 -0600 (CST), Greg Donald
<[EMAIL PROTECTED]> wrote:
On Mon, 17 Feb 2003, PR wrote:
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported
(front
page)/used by other applications other t
Hello Greg,
Yes, I am in a shared environment..but I do have access to chmod..
GD> What kind of system is it? If it's unix you can make use of chown and
GD> chmod to protect your stuff. If it's windows, I don't know.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: h
On Mon, 17 Feb 2003, PR wrote:
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported (front
>page)/used by other applications other than my
>site...
>
>can this be done by htaccess? is so , could anyone point me int
Hello,
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported (front
page)/used by other applications other than my
site...
can this be done by htaccess? is so , could anyone point me into right
direction?
--
Thank
> I have some files off of the web root which I'd like to be able to
serve
> up
> to users (*.doc, *.xls). I know I can do this with header(), but how
do I
> reference a file that's outside of the webroot? Thanks!
You can use an absolute or relative path, just like any other reference.
Send the
Hello,
I have some files off of the web root which I'd like to be able to serve up
to users (*.doc, *.xls). I know I can do this with header(), but how do I
reference a file that's outside of the webroot? Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http:
On Monday 29 October 2001 07:37 am, you wrote:
> what is the script that was mentioned a while back that you use to
> allow apache access to a directory that has all world/group access
> turned off. I
php-cgiwrap.
--kurt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mai
Hi
what is the script that was mentioned a while back that you use to
allow apache access to a directory that has all world/group access
turned off. It think the discussion was protecting mysql information
on a shared server.
I know this is a popular topic, sorry. I did check the archives but
27 matches
Mail list logo
