RE: [PHP] security help

2001-02-08 Thread Thor M. Steindorsson
SAFE MODE!! That's exactly what I was looking for... It did the trick. Thanks Chris. -Original Message- From: Chris [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 4:18 PM To: php Subject: Re: [PHP] security help If you include a file as a link, so the browser

Re: [PHP] security help

2001-02-08 Thread Chris
If you include a file as a link, so the browser sees: www.myserver.com/sercuredir/image.jpg. Than yes, you will be asked for a user and pass. If you include the file in the code, like including another script file, or reading the raw image data and outputting it, then .htaccess will be ignored.

Re: [PHP] security help

2001-02-08 Thread James, Yz
> > In addition, > > > > (if using .htaccess) They would only be able to read the .htpasswd from > > public directory if they had first authorised themselves. The browser will > > prompt them to identify before it allows files from a protected directory to > > be included. > > > > James, > > are

Re: [PHP] security help

2001-02-08 Thread Ben Peter
"James, Yz" wrote: > > In addition, > > (if using .htaccess) They would only be able to read the .htpasswd from > public directory if they had first authorised themselves. The browser will > prompt them to identify before it allows files from a protected directory to > be included. > James,

RE: [PHP] security help

2001-02-08 Thread Thor M. Steindorsson
well, that doesn't really apply, since I can also use /etc/httpd/conf/httpd.conf as an include file and it displays perfectly... -Original Message- From: James, Yz [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 1:54 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] security

Re: [PHP] security help

2001-02-08 Thread James, Yz
In addition, (if using .htaccess) They would only be able to read the .htpasswd from public directory if they had first authorised themselves. The browser will prompt them to identify before it allows files from a protected directory to be included. J. > Make sure that the .htpasswd file is BE

Re: [PHP] security help

2001-02-08 Thread James, Yz
Make sure that the .htpasswd file is BELOW the public files root. That way, it can't be accessed through a browser, unless the person who has written the file to try and read the .htpasswd has uploaded their file to the server it resides on, and has permission to access that low level directory.

[PHP] security help

2001-02-08 Thread Thor M. Steindorsson
Should this be possible? I know this isn't an issue with php, but since I used php to do this, I figured maybe someone here has encountered the same thing, and knows how to help. Is this something that can be fixed by making some changes on the linux server? By using this: "; include("/home/some