|
|
Posted by Animesh K on 11/06/07 20:10
Jerry Stuckle wrote:
> NC wrote:
>> On Nov 1, 3:27 pm, Animesh K <animesh1...@gmail.com> wrote:
>>> I have a file abc.php which includes another file (which
>>> primarily has text) called text.php.
>>>
>>> Is there a way I can secure the text.php file without
>>> affecting the include_once('text.php') call in abc.php?
>>>
>>> By secure, I mean the outside user should not be able to
>>> find the file at all.
>>
>> Not really... Apache must be able to serve abc.php, but not
>> text.php. This means that they must reside in different directories.
>> There are two options you can look into:
>>
>> 1. Move text.php outside the Web root, or
>> 2. Move text.php into a subdirectory and prohibit access to
>> that directory from the Web by using an .htaccess file.
>>
>> Alternatively, you may leave the files where they are, but put
>> something like this in the beginning of text.php:
>>
>> if (strpos ($_SERVER['PHP_SELF'], 'abc.php') === false) {
>> die();
>> }
>>
>> In other words, do not execute text.php, unless it is being included
>> into abc.php...
>>
>> Cheers,
>> NC
>>
>>
>
> Or you *can* use .htaccess to disallow access to a specific file. But
> it gets complicated when you add more files.
>
Many thanks to everyone for the various inputs. It was educational and
my query has been successfully answered.
Best,
Animesh
Navigation:
[Reply to this message]
|