On Friday 22 March 2002 01:39, Erik Price wrote: > On Thursday, March 21, 2002, at 12:22 PM, Jason Wong wrote: > > On Friday 22 March 2002 00:54, Erik Price wrote: > >> Isn't it just a matter of setting the permissions? apache can't have > >> read access to this directory, that's all. > > > > No, he doesn't want apache to *list* files in that directory but still > > to be > > able to serve files *from* that directory. > > I'm not trying to argue, I just want to make sure that *I* understand > how Apache works -- I thought that if you deny "read" access to a > directory to Apache, then it won't list the files, but as long as Apache > still has "execute" access to the directory then it should still serve > files from it. Just like using "ls" in the shell, you can read files in > a directory you cannot read, as long as you can execute the directory > and know the exact filename.
I don't know what ramifications it will have by denying apache read access to a directory. But what the poster asked for is a standard apache directive so the prudent approach would be to set this from within apache and not through the OS. > Am I wrong? I really don't know. Try it and tell us ;-) -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk /* The future isn't what it used to be. (It never was.) */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
