If they don't allow you to store the file outside (above) the public_html
directory, then you may want to try the following:

- name your password files with .inc extension
- a .htaccess file (assuming apache) to Deny all requests for *.inc files
from the server

This means that any file you name .inc will cannot be served to the browser
via http... it just spits out an error (500 I think).

This is a copy of my .htaccess file, stored at the top of my document root

<Files ~ "\.inc$">
    Order Allow,Deny
    Deny from all

As far as USING the password.inc file, just include() it in all your PHP
scripts that require it.

If your ISP doesn't allow you to use .htaccess files in this way, AND can't
provide you with a directory outside the document root for placing sensitive
files, then I'd recommend switching hosts, because they clearly don't have
an understanding of what you need.

FYI, having a .htaccess file, or storing items above your doc root WILL NOT
PREVENT other users on the server accessing your files.  You need to ask
your ISP what sort of prevention methods they have in place for preventing
another user on your server gaining access to your files.

Justin French

on 24/07/02 1:07 PM, Sailom ([EMAIL PROTECTED]) wrote:

> I bought a web host service from a company named easyspace.com.  I have
> tried to ask them this question many times but until now there is no
> response from them at all.
> According to the security issue of placing password in script I brought up
> days ago, some one on this news group suggested me to place such script in
> directory above %public_html directory.  The problem is I do not know how to
> access such directory.  Is it because the service I bought does not allow me
> to do it? or if it is accessible, how to do it?
> I know this is a silly question but please help me.
> Sailom

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to