In another thread [How do you protect individual files], Justin French

"In real short, you want to store the files outside your htdocs root (so
can't be served by http) . . ."

My PHP setup serves files from DOCUMENT_ROOT=/var/www/html. If I place files
in '/var/www/html/secure' would this provide any isolation for file access?
Am I correct in thinking that 'below' is not the same as 'outside' doc_root,
and that i this case, no protection would be afforded?

Yes, and no. 'Secure' is below the root and is therfore less protected.
However, you can still use .htaccess directives to control the 'secure'
directory much more closely. The path could be hacked, but if there is a
requirement to login to that folder (because of .htaccess directives) then
the hacker will still have to come up with appropriate authentication.

If the root is /var/www/html then outside of the root could be
/var/www/secure so that the path cannot be hacked from the browser, but you
should still apply appropriate restrictions.



* Texas PHP Developers Conf  Spring 2003                  *
* T Bar M Resort & Conference Center                      *
* New Braunfels, Texas                                    *
* San Antonio Area PHP Developers Group                   *
* Interested? Contact [EMAIL PROTECTED] *

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to