--On Monday, September 15, 2003 15:27:45 -0500 Jonathan Villa <[EMAIL PROTECTED]> wrote:

Interesting... how does this fair concerning security? So I'll have to have this file located in my document root, is this a good thing? My current directory structure consists of several files located outside the doc root. I guess I could always include it onto a page

Unfortunately command-line fetch programs seldom provide a clean method for providing authentication info; so you probably can't just restrict access to that script based on a userid/password. (You might be able to do something with SSL and client certificates; but then you need to either buy a client cert or figure out how to set up a private certificate authority...)

So, put it in a separate directory under ServerRoot and set up a name based virtual host with an Alias to provide access to that dir. Set the virtual host to reject connections from anything except your local host.

Or use the same hostname; but have your VirtualHost listen on
a non-standard port.  Then your firewall can help block outside
access to that port.

How much that improves security depends on how you have that machine set up. If you are the only one with shell access; it's probably acceptably good. If untrusted people have shell access; then it's not much better than just sticking it in your datadir and hoping that nobody figures out its URL.


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to