[PHP-DB] Re: securing directory tree and allowing PHP to work
Bmw [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing this without busting access to my scripts through the login from the root level index.html? Apache/1.3.26 (Unix)/Linux mod_fastcgi/2.2.12 mod_perl/1.26 PHP 4.2.2 Robert - Original Message - From: Milan Reznicek [EMAIL PROTECTED] To: bmw [EMAIL PROTECTED] Sent: Tuesday, August 20, 2002 7:17 PM Subject: Re: [PHP-DB] securing directory tree and allowing PHP to work You could restrict autoindexing through apache's httpd.conf. Look it up in apache's manual. Milan This is not my personal web server. It is a remote ISP which provides PHP and MySQL support. I cannot control the HTTP or PHP server build configurations...They have autoindexing built into the Apache server. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 02/08/2002 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: securing directory tree and allowing PHP to work
On Tuesday 20 August 2002 16:30, bmw wrote: Bmw [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If you goto http://domaine/ does that show http://domaine/index.html ? If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing If so, simply put in an empty index.html into the directories where you do not want people to the direcrtory listing. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* ... and furthermore ... I don't like your trousers. */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: securing directory tree and allowing PHP to work
If you are running Apache and have access to the httpd.conf file. Comment out AddModule mod_autoindex.c and restart apache. if you like this for some of your directories, then I'd follow Jason's advice. If you are using IIS or another server, I'm sure the same option is available, but I'm just not sure where. Hope this helps. Jeff Jason Wong phplist@gremli To: [EMAIL PROTECTED] ns.com.hkcc: Subject: Re: [PHP-DB] Re: securing directory tree and allowing PHP to 08/20/2002 work 10:35 AM Please respond to php-db On Tuesday 20 August 2002 16:30, bmw wrote: Bmw [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to find out how I can secure the directory tree of my PHP scripts from the HTTP server without preventing access to my PHP scripts once in session. Right now, if I type the URL of a subdirectory of my site, I get the index of all the files and directories. Ex: http://domaine/index.html has DB access user login and password for my session authentication to enter into my scripts and run the program. If you goto http://domaine/ does that show http://domaine/index.html ? If I type http://domaine/subfolder/ I can see all the PHP code I want without logging into my site. How can I protect the server from doing If so, simply put in an empty index.html into the directories where you do not want people to the direcrtory listing. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* ... and furthermore ... I don't like your trousers. */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: securing directory tree and allowing PHP to work
bmw wrote: You could restrict autoindexing through apache's httpd.conf. Look it up in apache's manual. Milan This is not my personal web server. It is a remote ISP which provides PHP and MySQL support. I cannot control the HTTP or PHP server build configurations...They have autoindexing built into the Apache server. just add an .htaccess file in that directory saying no one but LOCALHOST has access to it... http://www.javascriptkit.com/howto/htaccess5.shtml -- Leo G. Divinagracia III [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php