Posted by Dave Schwimmer on 02/18/06 06:00
samudasu wrote:
> To start off with, opening a PHP file won't show you PHP code. It only
> shows the results of the PHP script after it's run. FTP should be
> password protected; no one but you will have this password.
>
> I've found that placing sensitive files above document_root works
> nicely like you've mentioned. Here's how it's done:
> /usr/local/apache/htdocs/ is the doc root.
> Make a /usr/local/apache/incfiles/ dir to keep sensitive files, db
> connect scripts, user/pass info, etc. Users have no direct access to
> these files since they're not in the doc root. Files in this dir are
> used with the include() or require() functions. Users don't need
> permission to this folder so there are no special permissions required.
> The apache user (usually nobody) will access the files.
>
> example:
> /usr/local/apache/htdocs/verifylogin.php is a page you can guess what
> it does.
> I want to include() the script
> "/usr/local/apache/incfiles/chkpass.inc.php" in verifylogin.php that
> connects to the db and checks the client's username and password.
>
> verifylogin.php...
>
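> <?php
> // Pull in the credential check from outside the document root.
> include '../incfiles/chkpass.inc.php';
> ?>
> <html>
> <body>
> <?php
> // $login_ok is a placeholder name, assumed to be set by chkpass.inc.php.
> if (!empty($login_ok)) {
>     echo 'show this';   // user/pass correct
> } else {
>     echo 'show this';   // user/pass failed
> }
> ?>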
> </body>
> </html>
>
> If you view source of verifylogin.php you'll see no php code and no
> path / reference to /usr/local/apache/incfiles/chkpass.inc.php.
>
Thank you. This is PRECISELY the sort of information I was looking for.
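
One way to confirm the layout described in the quoted post, as an added example that is not part of the thread: the shell functions below (names are hypothetical) check that the private include directory resolves outside the document root and that no symlink under the document root points back into it. It assumes `readlink -f` is available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit that a private include directory is really outside
# the web root. Function names are illustrative, not from the original post.

# Print the physical (symlink-free) path of a directory.
physical_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# Return 0 when $2 (private dir) resolves outside $1 (document root),
# 1 when it is inside, 2 when either directory is missing.
outside_docroot() {
    root=$(physical_dir "$1") || return 2
    priv=$(physical_dir "$2") || return 2
    case "$priv/" in
        "$root"/*) return 1 ;;  # inside the web root: fetchable by URL
        *)         return 0 ;;  # note: /htdocs-old does not match /htdocs/
    esac
}

# Print every symlink under the document root whose target lands in the
# private directory; such a link makes the files reachable over HTTP again.
exposing_links() {
    root=$(physical_dir "$1") || return 2
    priv=$(physical_dir "$2") || return 2
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        case "$target/" in
            "$priv"/*) printf '%s\n' "$link" ;;
        esac
    done
}

# Usage: sh audit.sh /usr/local/apache/htdocs /usr/local/apache/incfiles
if [ "$#" -eq 2 ]; then
    outside_docroot "$1" "$2" || { echo "FAIL: $2 is inside $1 or missing"; exit 1; }
    links=$(exposing_links "$1" "$2")
    [ -z "$links" ] || { echo "FAIL: symlinks into $2:"; echo "$links"; exit 1; }
    echo "OK: $2 is outside $1 and no symlink in $1 points into it"
fi
```

The check covers only the filesystem layout; an Apache `Alias` directive that maps a URL onto the private directory would not be caught by it.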