Posted by Animesh K on 11/02/07 20:53

J.O. Aho wrote:
> Animesh K wrote:
>> Steve wrote:
>>> "Animesh K" <animesh1978@gmail.com> wrote in message
>>> news:fgdnc8$25bu$1@agate.berkeley.edu...
>>>> I have a file abc.php which includes another file (which primarily
>>>> has text) called text.php.
>>>>
>>>> Is there a way I can secure the text.php file without affecting the
>>>> include_once('text.php') call in abc.php?
>>>>
>>>> By secure, I mean the outside user should not be able to find the
>>>> file at all.
>>>>
>>>> Of course one method is to obfuscate the name of text.php, but any
>>>> simpler solutions are preferred.
>>>>
>>>> Best regards,
>>>> Animesh
>>> put it outside the of the web root directory. make sure your web
>>> server has permission to acces the file.
>>>
>> Can you please explain it a bit more. Outside of the directory, but where?
>>
>> Do you mean make a directory for those text files and keep it hidden
>> since people will not know where that directory is, so they cannot guess
>> it?
>
> In your web server there will be a document root location
> DocumentRoot /path/to/a/directory
>
> You then have your first file in
> /path/to/a/directory/abc.php
>
> and you would have the "hidden" file in
> /path/to/a/text.php
>
> Another solution is to use a directory with .htaccess and set http access to
> deny for all and place all files you don't want others to be able to find in
> this. This may fail during web server updates, as the htaccess may be disabled
> and then all have access to the file. This has also the disadvantage that not
> all web-hosts allows this.
>
> A third way to do, which won't prevent the access to the file, but what it
> contains is to
>
> <?PHP
> if(!DEFINEDTRUE) { exit; }
> //your code below
>
> ?>
>
> and in the files that are allowed to be used you have
> <?PHP
> define(DEFINEDTRUE,true);
> //your code below
>
> ?>
>
> This way accessing text.php would give a completely blank page, while
> accessing abc.php would show the content of text.php.
>

I love the last solution. Many thanks for the same.

Best regards,
Animesh

• Next in forum: Re: Include(filename.php) and security
• Prev in forum: Re: Include(filename.php) and security
• Thread view: Re: Include(filename.php) and security

[Reply to this message]