[snip]
It's becoming clearer. But one question concerning:
"the path could be hacked, but if there is a requirement to login to that
folder (because of .htaccess directives) then the hacker will still have to
come up with appropriate authentication."
Since all sensitive files on my site require
On Wednesday 21 August 2002 08:15 am, Jay Blanchard wrote:
> [snip]
> In another thread [How do you protect individual files], Justin French
> stated:
>
> "In real short, you want to store the files outside your htdocs root (so
> they
> can't be served by http) . . ."
>
> My PHP setup serves files
If you can't store stuff ABOVE your doc root, you can protect them with a
.htaccess file.
I use this to refuse all *.inc files from being served:
Order Allow,Deny
Deny from all
With this in mind, a quick visit to the Apache site should get you started
in the right direction.
Justin
"Outside" would be in '/var/www/secure' in your case. Or any other place
your scripts have access to, save under '/var/www/html/'.
HTH, Stas
- Original Message -
From: "Andre Dubuc" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 21, 2002 1:11 PM
Subject: [PHP] Simple
[snip]
In another thread [How do you protect individual files], Justin French
stated:
"In real short, you want to store the files outside your htdocs root (so
they
can't be served by http) . . ."
My PHP setup serves files from DOCUMENT_ROOT=/var/www/html. If I place files
in '/var/www/html/secur
Andre
Doc root = http://www.yoursite.com/
'/var/www/html/secure' = http://www.yoursite.com/secure/
So its not secure
You could use .htaccess files but I am not that clued up on them
John
- Original Message -
From: "Andre Dubuc" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesda
6 matches
Mail list logo
