On Thu, Dec 20, 2001 at 09:09:25PM +0100, Gerald Richter wrote:
>
>
> > Does anyone have an example how to set up httpd.conf
> > so that there is a separation between public and private code:
> >
> > .../epl/ public/ index.html
> > private/
> > my private .epl code
> >
> > The DocumentRoot will be .../epl/public/
> > Yet in index.html I can Execute stuff in private/
> >
>
> Just put your private code _not_ underneath DocumentRoot, then it isn't
> accessable from outside, but since Execute uses filenames and not URLs it is
> accessable by Execute
it's not quite the same thing, but where I work we've begun naming
some of our epl with .epf and .epb extensions - for embedded perl
fragments ( building blocks used on multiple pages ) and embedded perl
bodies ( for the main part of a page - which doesn't include things
like nav bars ). I then set the following in my httpd.conf:
<Files ~ "\.epf$">
Order allow,deny
Deny from all
Satisfy All
</Files>
<Files ~ "\.epb$">
Order allow,deny
Deny from all
Satisfy All
</Files>
so that none of those can be visible - you have to go through the .epl
page which Executes the .epf and .epb's. Given that .epf and .epb
outnumber .epl in our source try by something like 20:1 a single
"hidden" directory wouldn't buy us too much.
Might not apply to your situation, but it /is/ another alternative.
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
