can access files OUTSIDE of the document root?

On a website I have moved some secure data from under the document root...

e.g. <our partition on apache webserver>\www\<some directory>

to a more secure position that is NOT under the document root..

e.g. <our partition on apache webserver>\secure\<some directory>

..the idea being to stop canny users who might know/guess the path from being able to browse to the data

Now I've just realised that in our admin pages of the website we have javascript code that tries to access this data (legitimately, since its behind a login screen for admins), but it uses the following:

<a href="javascript: ;" onClick="'<path to secure data>','_blank','scrollbars=yes,menubar=no,resizable=yes,location=no,width=500,height=520,screenX=50,screenY=50;left=50;top=50;');">View File</a>

I'm presuming this won't work for precisely the right reasons, i.e. we are trying to access the secure data via a webrowser, using HTTP, and since its not under the document root any more, we can't get to it.

Is this right?

Is there a way to access this file using javascript here, and STILL keep it where it is (presumably) secure, or will we have to resort to PHP (etc.)'s file uploading/downloading library ?

many thanks!

Who is Participating?
Michel PlungjanConnect With a Mentor IT ExpertCommented:
You will no longer be able to access the files if you access them via the web server
You can of course access the files via the file system if your admin pages are IN that file system
zorba111Author Commented:
Hi mplungian, thanks for that!

The files are not in a file system accessible from the browser as they ae in a remote server (but I can get into it via tools provided by the hosting company)

Is there a good book / article / source that explains all this ?
i.e. what FTP can see, what HTTP can see - how to protect files etc. ?

zorba111Author Commented:
only thing stopped me giving an A was: I would have preferred more explanation

...but overall, very pleased.

thank you 1
All Courses

From novice to tech pro — start learning today.