You are here: RE: [PHP] Protecing files « PHP « IT news, forums, messages
RE: [PHP] Protecing files

Posted by "Thomas" on 10/12/02 11:25

Hey guys,

Thanks for all the answers. I had not considered leaving the xml file
outside the webroot (duh!). However, in this case I don't think it would
work, as the project is working through a svn structure (and some boxes run
Linux, otherwise Win).
I thought that the .htaccess would have been the best (apparently not?).
Anyway, I will give the filtering out of the .whatever a shot.

One thing on that: how about portability? What if I didn't have access to
the httpd.conf file of Apache on the live server? How will I enable such
rules (without having to bother the server dude, who may or may not like to
do that)? From that question, .htaccess files seemm the most portable
solution.

Thanks again.

t

-----Original Message-----
From: Rory Browne [mailto:rory.browne@gmail.com]
Sent: 29 August 2005 07:59 PM
To: Thomas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Protecing files

Personally I reckon that you should simply place them outside the webroot.

If you are either too lazy to do this, or too paranoid for this alone,
then you could consider renaming them from filename.xml to
..ht_filename.xml. There is a section in most default apache config
files to make filenames beginning with .ht to be unaccessable.

I would recommend against filtering out .xml files. Whilst they may
only be config files at the minute, you may in future wish to serve up
xml files. I would instead suggest that you change your naming scheme
to have config files ending in .conf, .config, .settings, or .set or
something else non-standard, and fileter out that. A file doesn't have
to be called something.xml to contain xml.

If for example you want to filter out pages ending in .conf, then you
could do something like this(assuming my understanding of apache regex
is correct - big assumption but I'm sure someone will enlighten us if
it's incorrect):
<Files ~ ".conf$">
Order allow,deny
Deny from all
</Files>

You could also shove that into a .htaccess file, but apache docs
recommend against it(or rather they recommend against the enabling of
..htaccess.



On 8/29/05, Thomas <thomas.hochstetter@gmx.net> wrote:
>
>
>
> Hi there,
>
> How can I protect all files with extension .xml from being accessed by the
> outside? For Apache can one use .htaccess (if yes, how?), is there a
generic
> way of keeping stalkers from viewing your config files?
>
> Thomas
>
>
>
>
>
> SPIRAL EYE STUDIOS
> P.O. Box 37907, Faerie Glen, 0043
>
> Tel: +27 12 362 3486
> Fax: +27 12 362 3493
> Mobile: +27 82 442 9228
> Email: thomas.hochstetter@gmx.net
> Web: <http://www.spiraleye.co.za> www.spiraleye.co.za
>
>
>
>
>

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация