Posted by Jerry Stuckle on 11/05/07 20:17

NC wrote:
> On Nov 1, 3:27 pm, Animesh K <animesh1...@gmail.com> wrote:
>> I have a file abc.php which includes another file (which
>> primarily has text) called text.php.
>>
>> Is there a way I can secure the text.php file without
>> affecting the include_once('text.php') call in abc.php?
>>
>> By secure, I mean the outside user should not be able to
>> find the file at all.
>
> Not really... Apache must be able to serve abc.php, but not
> text.php. This means that they must reside in different directories.
> There are two options you can look into:
>
> 1. Move text.php outside the Web root, or
> 2. Move text.php into a subdirectory and prohibit access to
> that directory from the Web by using an .htaccess file.
>
> Alternatively, you may leave the files where they are, but put
> something like this in the beginning of text.php:
>
> if (strpos ($_SERVER['PHP_SELF'], 'abc.php') === false) {
> die();
> }
>
> In other words, do not execute text.php, unless it is being included
> into abc.php...
>
> Cheers,
> NC
>
>

Or you *can* use .htaccess to disallow access to a specific file. But
it gets complicated when you add more files.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]