Posted by Armin Horner on 11/30/07 13:59
Kim André Akerø wrote:
>
> First of all, make sure the status.txt file is in a directory that's
> inaccessible from the web (i.e. only accessible via your scripts),
> preferably one step below the webroot, although not required.
... it is, ok.
>
> On all my PHP projects, I create a separate directory called "inc" in
> the webroot (or the root directory of my project). If Apache is used, I
> place a .htaccess file containing the keyword "deny from all" in it.
... I'll use htaccess
> Or, if IIS is used (which has happened on a rare occasion), I make sure
> all outside access is denied for this directory from the IIS manager.
> That way, I protect my code (as well as the base configuration) from
> being exposed and/or accessed directly.
>
> Second, make sure your changestatus.php script ONLY reacts to the "on"
> or "off" keywords. Or any other keyword you'd like to use instead (such
> as "open" or "closed").
>
> Further, to avoid someone outside your organization from setting the
> status (such as opening the URL and making it look like you're closed
> when you're open for business or vice-versa), you should place this
> script under some sort of password protection (either via your CMS or
> via a simple basic authentication method).
>
I'll protect it with a weird name and keywords so nobody switches on and
off.
Thanks for the help
(.. it's been a long time since I last used PHP, so this is very helpful)
Armin
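
The three points in the quoted advice (status file outside the webroot, only the "on"/"off" keywords accepted, the script behind basic authentication) combined in one changestatus.php, as an added example that is not code from either poster. Assumptions: status.txt sits one directory above the script, the credentials come from the hypothetical environment variables STATUS_USER and STATUS_PASS_HASH, and the server populates PHP_AUTH_USER / PHP_AUTH_PW (as Apache with mod_php does).

```php
<?php
// changestatus.php - added example; paths and variable names are assumptions.
declare(strict_types=1);

// Assumed location: outside the webroot, so it is never served directly.
const STATUS_FILE = __DIR__ . '/../status.txt';
// Only these keywords are ever written to the file.
const ALLOWED = ['on', 'off'];

function deny(int $code, string $msg): void
{
    http_response_code($code);
    header('Content-Type: text/plain; charset=utf-8');
    if ($code === 401) {
        header('WWW-Authenticate: Basic realm="status"');
    }
    echo $msg, "\n";
    exit;
}

// Basic authentication; credentials come from the environment (hypothetical names).
$user = getenv('STATUS_USER') ?: '';
$hash = getenv('STATUS_PASS_HASH') ?: '';   // value created with password_hash()
$givenUser = $_SERVER['PHP_AUTH_USER'] ?? '';
$givenPass = $_SERVER['PHP_AUTH_PW'] ?? '';
if ($user === '' || $hash === ''
    || !hash_equals($user, $givenUser)
    || !password_verify($givenPass, $hash)) {
    deny(401, 'authentication required');
}

// State changes go through POST, not a URL that can simply be opened.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Allow: POST');
    deny(405, 'use POST');
}

// Strict allowlist comparison: anything except the exact keywords is rejected.
$status = $_POST['status'] ?? '';
if (!is_string($status) || !in_array($status, ALLOWED, true)) {
    deny(400, 'status must be "on" or "off"');
}

// LOCK_EX serialises concurrent writers to the status file.
if (file_put_contents(STATUS_FILE, $status, LOCK_EX) === false) {
    deny(500, 'could not write status');
}
header('Content-Type: text/plain; charset=utf-8');
echo "status set to $status\n";
```

Basic authentication sends the password with every request, so the script belongs behind HTTPS.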