Hi there!
I'm developing an application to which you can upload
files. Right now the destination folder of those files
is at /public_html/files which makes them visible from
the internet.
I thought of putting that ./files/ folder outside the
./public_html/ folder and make those files be only
: Thursday, July 17, 2003 2:58 PM
Subject: [PHP] Protecting files with PHP
Hi there!
I'm developing an application to which you can upload
files. Right now the destination folder of those files
is at /public_html/files which makes them visible from
the internet.
I thought of putting that ./files
If you place files inside a webfolder, then they are publicly
accessible, period.
They might not be obvious, ie. you would have to guess that there are
files in a specific folder AND know the exact name of the file, but if
you do happen to guess correct, then the files are downloadable.
There
Petre Agenbag wrote:
If you place files inside a webfolder, then they are publicly
accessible, period.
Not true. .htaccess turns a public directory into a private
directory. Even if you know the path and filename you want, without an
accepted username/password, you're not getting the file.
I need to do the same and a .htacces file would not suite the problem
I need to do as yahoogroups does
When you upload a file to the Files section, it send by default an e-mail to
the group members with a link to the file
When you click on the link, you're sent to a login page, and after login in
Maria Garcia Suarez [EMAIL PROTECTED] wrote:
Hi there!
I'm developing an application to which you can upload
files. Right now the destination folder of those files
is at /public_html/files which makes them visible from
the internet.
I thought of putting that ./files/ folder outside the
Read this -- it got me well and truely pointed in the right direction
http://zend.com/zend/trick/tricks-august-2001.php
Justin
On Friday, July 18, 2003, at 01:36 AM, Juan Nin wrote:
I need to do the same and a .htacces file would not suite the problem
I need to do as yahoogroups does
When you
Hi all,
since this has been asked a lot the last weeks I've published a nice little
script for a generic login system using the HTTP authentication method via
the 401 Unauthorized header.
It is available at http://www.vogelsinger.at/protected.html.
Its main features are:
- Protects directories
If the script is readable by the web server (which it must be in order
to be parsed) and the web server only runs as one user (which it usually
does) then your scripts will be readable by other users on the same
server and anyone with command line or telnet/ssh access will have at
least read-only
Hello,
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported (front
page)/used by other applications other than my
site...
can this be done by htaccess? is so , could anyone point me into right
direction?
--
Thank
On Mon, 17 Feb 2003, PR wrote:
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported (front
page)/used by other applications other than my
site...
can this be done by htaccess? is so , could anyone point me into
Hello Greg,
Yes, I am in a shared environment..but I do have access to chmod..
GD What kind of system is it? If it's unix you can make use of chown and
GD chmod to protect your stuff. If it's windows, I don't know.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On Mon, 17 Feb 2003 15:32:31 -0600 (CST), Greg Donald
[EMAIL PROTECTED] wrote:
On Mon, 17 Feb 2003, PR wrote:
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported
(front
page)/used by other applications other
if you are
using apache.
See: http://httpd.apache.org/docs/howto/htaccess.html
-Original Message-
From: PR [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 8:18 AM
To:
Subject: [PHP] Protecting files
Hello,
How can I protect my php files among other files like templates
(.inc
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported
(front page)/used by other applications other than my site...
can this be done by htaccess? is so , could anyone point me into right
direction?
I have renamed
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported
(front page)/used by other applications other than my site...
can this be done by htaccess? is so , could anyone point me into right
direction?
I have renamed
CAPS
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported
(front page)/used by other applications other than my site...
can this be done by htaccess? is so , could anyone point me into right
direction?
I have
Try putting your files config files in a directory outside of the root
web directory and access the files via the include_path directive in the
php.ini file.
If you dont have access you can add create a .htaccess file or set the
configuration in a php script that is run before your other scripts.
My preference
1. if possible, store the files above your public_html directory (doc
root)... this means they cannot be over http:// by apache, if that isn't
possible:
2. use .htaccess to either block the entire directory of includes, or all
*.inc files, or whatever you think is best.
] Protecting files
My preference
1. if possible, store the files above your public_html directory (doc
root)... this means they cannot be over http:// by apache, if that isn't
possible:
2. use .htaccess to either block the entire directory of includes, or all
*.inc files, or whatever you think
Just something that crossed my mind a few times. What if another website
includes this file in their own php page. That site can't access those
variables can they? (I'm sure PHP wouldn't allow that but I need to put this
curiousity to rest)
Nate
Bryan Lipscy [EMAIL PROTECTED] wrote in message
That is called Cross-Site Scripting (XSS).
I have not been able to get access to the variables via an XSS exploit.
It appears that Apache renders the php code before sending off the
requesting include function.
I also like the .htaccess way of preventing user access to the scripts.
This is also
I wonder though, if they're on a the same server but different sites. Like a
shared host environment. Aw the things the bewilder the mind.
Nate
Bryan Lipscy [EMAIL PROTECTED] wrote in message
01c2d710$81a68e20$6301a8c0@ukiuki">news:01c2d710$81a68e20$6301a8c0@ukiuki...
That is called
Hello,
I have some files off of the web root which I'd like to be able to serve up
to users (*.doc, *.xls). I know I can do this with header(), but how do I
reference a file that's outside of the webroot? Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
I have some files off of the web root which I'd like to be able to
serve
up
to users (*.doc, *.xls). I know I can do this with header(), but how
do I
reference a file that's outside of the webroot? Thanks!
You can use an absolute or relative path, just like any other reference.
Send the
Hi
what is the script that was mentioned a while back that you use to
allow apache access to a directory that has all world/group access
turned off. It think the discussion was protecting mysql information
on a shared server.
I know this is a popular topic, sorry. I did check the archives but
On Monday 29 October 2001 07:37 am, you wrote:
what is the script that was mentioned a while back that you use to
allow apache access to a directory that has all world/group access
turned off. I
php-cgiwrap.
--kurt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
27 matches
Mail list logo