Solved

Securing dir

Posted on 2002-04-19
10
297 Views
Last Modified: 2006-11-17
What is the best way to secure a dir that holds some php include files. I am on apache and as such tried .htaccess and so on, the problem is that the parser will not have access either to the files. what to do. Is there a better way.

Basically what i have is a single file with all the db passwords and the link in stored in a dir called secure under my web path and as such is viewable, what i want to do is stop access to this form the out side world, i thought of moving the dir out side the normal web path but hit a problem I use the following code to get a path to the .inc file

 $scriptArea = "http://" . $HTTP_HOST . "/secure";

this will not work if I move the dir.

So what is the best way to do this.
0
Comment
Question by:kplonk
  • 6
  • 4
10 Comments
 
LVL 4

Expert Comment

by:Gibble
ID: 6969105
windows or unix?
0
 

Author Comment

by:kplonk
ID: 6970037
unix
0
 
LVL 4

Expert Comment

by:Gibble
ID: 6971196
Ok I don't know why I asked because it didn't really matter anyhow :p

Just put the files anywhere outside the /htdocs directory and use the path /home/secure/somefile to access them in your php script, it should work fine.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:kplonk
ID: 6975548
/home/secure/somefile this path does not seem to work, is that all i need

$scriptArea = "/home/secure/inc.inc";

is this correct or do i nned to change somthing
0
 
LVL 4

Expert Comment

by:Gibble
ID: 6977255
You did put the file there right?
"/home/secure/inc.inc";
0
 

Author Comment

by:kplonk
ID: 6977286
yer, but the real path to my site is

/home/sites/site56/scripts

this does not work corectly either do i need some sort ot relitive placer like a ~ or somthing

thanks -k-
0
 
LVL 4

Accepted Solution

by:
Gibble earned 10 total points
ID: 6977312
move the file out of there, put it wherever on the HD, just not in your web directory if you don't want it web accessible, the PHP files should still read it.
0
 

Author Comment

by:kplonk
ID: 6978474
I understand that, the proble i have is how to find the path to it. form any where in the web structure. What i dont know is how to do absolut addresssing in php
0
 

Author Comment

by:kplonk
ID: 6983019
This is the real path
"/home/sites/site56/scripts"
Say the script is running at
"home/sites/site56/web/article/index.php" real path
"http://www.kplonk.com/article/" web path

and the code of the script "index.php" is

<?php

     include "/home/sites/site56/scripts/index.php";

?>

what am I doing wrong..? thanks
-k-
0
 

Author Comment

by:kplonk
ID: 6987534
Thanks for the input on moving the scripts out side of the web folder
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question