|
|
Posted by J.O. Aho on 11/02/07 05:40
Animesh K wrote:
> Steve wrote:
>> "Animesh K" <animesh1978@gmail.com> wrote in message
>> news:fgdnc8$25bu$1@agate.berkeley.edu...
>>> I have a file abc.php which includes another file (which primarily
>>> has text) called text.php.
>>>
>>> Is there a way I can secure the text.php file without affecting the
>>> include_once('text.php') call in abc.php?
>>>
>>> By secure, I mean the outside user should not be able to find the
>>> file at all.
>>>
>>> Of course one method is to obfuscate the name of text.php, but any
>>> simpler solutions are preferred.
>>>
>>> Best regards,
>>> Animesh
>>
>> put it outside the of the web root directory. make sure your web
>> server has permission to acces the file.
>>
>
> Can you please explain it a bit more. Outside of the directory, but where?
>
> Do you mean make a directory for those text files and keep it hidden
> since people will not know where that directory is, so they cannot guess
> it?
In your web server there will be a document root location
DocumentRoot /path/to/a/directory
You then have your first file in
/path/to/a/directory/abc.php
and you would have the "hidden" file in
/path/to/a/text.php
Another solution is to use a directory with .htaccess and set http access to
deny for all and place all files you don't want others to be able to find in
this. This may fail during web server updates, as the htaccess may be disabled
and then all have access to the file. This has also the disadvantage that not
all web-hosts allows this.
A third way to do, which won't prevent the access to the file, but what it
contains is to
<?PHP
if(!DEFINEDTRUE) { exit; }
//your code below
?>
and in the files that are allowed to be used you have
<?PHP
define(DEFINEDTRUE,true);
//your code below
?>
This way accessing text.php would give a completely blank page, while
accessing abc.php would show the content of text.php.
--
//Aho
Navigation:
[Reply to this message]
|