Posted by raykyoto on 10/03/05 11:18

Hi all,

I'm sure this is a popular question that comes up every few months
here. Indeed, I've looked at some of the past postings, but I would
like to ask things differently.

Basically, I'm using a flat file to storing data. I have to do this
because mySQL is not installed on my web server, and I am not the root
user. The amount of data is so small, that it isn't worth a full-blown
database anyway. However, while the data is nothing valuable
(generally e-mail addresses), I would like to make it as secure as
possible. Both from robots and from other users.

I found this useful posting in comp.lang.php (some parts cut) dating
from 2002:

-----
1. Put the file containing userdata _outside_ your webdirectory.

or

2. Use a robots.txt to tell robots to not read the data.
Save the file to root on your web as robots.txt, and (as an example)
with
the following content:

User-Agent: *
Disallow: /directory_containing_a_lot_of_email_adresses_and
_other_juicy_user_stuff

or

3. Wrap the data in an auth of some sort (may be difficult if you use
that
data for the auth....;-)
-----

I can do #1 and I was wondering if that is sufficient. As the non-root
user, I guess I cannot do #2... Can I also move the php scripts that
write the flat files outside my web directory? Or is that not
necessary?

Also, as the host is a Unix machine, what permissions are suggested for
the following? Of course, I only want the web server and me to be able
to read and write to them. I'm thought about the permissions and have
inserted them below.

1) directory of the php scripts that writes the flat files
-rwx---r-x

2) the php scripts that writes the flat files
-rwx---r-x

3) the directory of the flat files
-rwx---rwx

4) the flat files themselves
-rwx---rw-

Is this possible? Can I do better?

I'm also new to php... I've hard-coded the paths to the flat files
inside my php files, as one must, I guess. Is there a way for people
to see the source of the php files so that they can extract the hard
coded paths?

Thank you!

Ray

• Next in forum: Re: E-mail newsletters - how to control send?
• Prev in forum: Re: concatenate object variable name
• Thread view: Flat file security

[Reply to this message]