Reply to Re: How can I restrict access to a data file?

Your name:

Reply:


Posted by The Natural Philosopher on 01/09/08 08:46

Rik Wasmus wrote:
> On Wed, 09 Jan 2008 06:03:36 +0100, <phpnoob@tragic.pointyhats.com> wrote:
>
>> I have a php script that processes a form and then posts the user
>> input to a data file on the server in a comma delimited format. For
>> simplicity call the file "data.csv." The script is working well and
>> the data is posted correctly to the data file.
>>
>> The big problem is that anyone can point their web browser to
>> www.mywebsite.com/data/data.csv and see exactly what is contained in
>> the data file. Obviously, I want the data in that file to be hidden
>> to everyone in the world but me. I have to give sufficient
>> permissions to the php script to save the user data from the form to
>> data.csv, but I don't want the world to be able to see the data in
>> that file.
>>
>> I have read and read some more with no luck. I do not run my own
>> server and am just using a hosting site. I have been working with the
>> file permissions, but every time I restrict access to data.csv the
>> script fails to write to the file because the permissions are
>> incorrect. Very frustrating.
>
> File permissions will probably do you little good: the server has to be
> able to write (and read?) it, so it will be able to read & serve it to
> users.
>
> Solutions, in order of desirability:
> 1. Store the file _outside_ the document root, just get it by FTP or SSH
> yourself.
> 2. Restrict acces to an entire directory using an .htaccess file (either
> full (use FTP/SSH), HTTP authenticated, or on your IP) put the file in
> there.
> 3. Add some php code at the start: <?php exit(); ?>, and name in *.php,
> again get it by FTP/SSH.

4. Store the file outside document root, or in a .htaccess protected
directory for which NO HTTP USER ACCESS EXISTS AT ALL and write a php
script that takes a get variable with and obscure reference to something
to pull it.

so i.e you might type URL:/get-my-file.php?file=data.csv:password=5786gjk

or some such.

I myself would go with method 2/. though. Enoiugh to deter casual
hackers, but not overly hard to set up name and password persistently in
your own browser.

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация