Posted by Philip Hallstrom on 10/07/17 11:14
> I use a page to authorize a user and based on certain criterias (user group
> etc) include a file in another directory (named private)... Everything is
> working fine but the problem is anyone goign directly to
> private/includefile.php can run the script without authorising themselves...
>
> Is it possible to set folder permission such that files inside it cant be
> open directly but could be included?
>
Configure apache to not allow access to the private directory... That will
stop web browsers from getting there, but still allow your php script to
include() a file within it.
Something like the below if you're using apache. Other servers have
similar functionality...
<Location /url/to/private/directory>
Order deny,allow
Deny from all
</Location>
-philip
Navigation:
[Reply to this message]
|