Re: [PHP] Accessing upper directory of public_html directory

2002-07-25 Thread Miguel Cruz

On Wed, 24 Jul 2002, Justin French wrote:
> If your ISP doesn't allow you to use .htaccess files in this way, AND can't
> provide you with a directory outside the document root for placing sensitive
> files, then I'd recommend switching hosts, because they clearly don't have
> an understanding of what you need.

It's possible they put each of their customers in a chroot jail, in which
case - barring gross mistakes on the part of the customer - keeping the
password in a .php file in the docroot is quite secure.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Accessing upper directory of public_html directory

2002-07-23 Thread Sailom

I bought a web hosting service from a company named easyspace.com.  I have
tried to ask them this question many times, but so far there has been no
response from them at all.
  Regarding the security issue of placing a password in a script that I
brought up days ago, someone on this newsgroup suggested that I place such a
script in a directory above the %public_html directory.  The problem is I do
not know how to access such a directory.  Is it because the service I bought
does not allow me to do it? Or, if it is accessible, how do I do it?

  I know this is a silly question but please help me.

Sailom







RE: [PHP] Accessing upper directory of public_html directory

2002-07-23 Thread John Holmes

> I bought a web hosting service from a company named easyspace.com.  I have
> tried to ask them this question many times, but so far there has been no
> response from them at all.
>   Regarding the security issue of placing a password in a script that I
> brought up days ago, someone on this newsgroup suggested that I place such a
> script in a directory above the %public_html directory.  The problem is I do
> not know how to access such a directory.  Is it because the service I bought
> does not allow me to do it? Or, if it is accessible, how do I do it?

Just use include() or require() to include the file into your script.
You can provide a full path to the file (above the web root) or use a
relative path according to the file that's doing the including. Say you're
using a script in your webroot and you want to include a db.php file
that's in an include/ directory above your web root. You can use:

include('/home/full/path/to/your/dir/include/db.php');

Or

include('../include/db.php');

---John Holmes...
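
The include-from-above-the-web-root approach in the reply above, as an added example that is not part of the original post. The temporary directory layout, the helper name load_private_config() and the credential values are all constructed for illustration, and it assumes a POSIX host where PHP runs as the account owner.

```php
<?php
// Constructed layout standing in for /home/<user>/{include,public_html}.
$home    = sys_get_temp_dir() . '/hosting_demo_' . getmypid();
$docroot = "$home/public_html";
mkdir($docroot, 0755, true);
mkdir("$home/include", 0700);

// Credentials file above the docroot (constructed values). It returns an
// array and prints nothing, so including it has no side effects.
$secret = "$home/include/db.php";
file_put_contents($secret, "<?php\nreturn ['user' => 'app', 'pass' => 'constructed'];\n");
chmod($secret, 0600);

// Hypothetical helper: load a config file, refusing one that sits inside the
// docroot or that other local users can read. Assumes PHP runs as the file's
// owner; under a shared web-server user the file needs wider read access.
function load_private_config($path, $docroot)
{
    $real = realpath($path);   // resolves "../" and symlinks
    $root = realpath($docroot);
    if ($real === false || $root === false) {
        throw new RuntimeException("cannot resolve $path");
    }
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("$real is inside the document root");
    }
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException("$real is world-readable");
    }
    return require $real;
}

// In a real script under public_html, pass __DIR__ . '/../include/db.php' and
// __DIR__: anchoring on the script's own directory keeps "../" from depending
// on the current working directory. $docroot stands in for __DIR__ here.
$config = load_private_config("$docroot/../include/db.php", $docroot);
echo "loaded credentials for user: {$config['user']}\n";

// Negative case: a copy of the same file inside the docroot is refused.
copy($secret, "$docroot/db.php");
try {
    load_private_config("$docroot/db.php", $docroot);
} catch (RuntimeException $e) {
    echo "refused: ", $e->getMessage(), "\n";
}

// Clean up the constructed layout.
unlink("$docroot/db.php"); unlink($secret);
rmdir($docroot); rmdir("$home/include"); rmdir($home);
```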






Re: [PHP] Accessing upper directory of public_html directory

2002-07-23 Thread Justin French

If they don't allow you to store the file outside (above) the public_html
directory, then you may want to try the following:

- name your password files with a .inc extension
- use a .htaccess file (assuming Apache) to deny all requests for *.inc files
  from the server

This means that any file you name .inc cannot be served to the browser
via HTTP... it just spits out an error (500 I think).


This is a copy of my .htaccess file, stored at the top of my document root
(public_html):

<Files ~ "\.inc$">
Order Allow,Deny
Deny from all
</Files>

As far as USING the password.inc file, just include() it in all your PHP
scripts that require it.


If your ISP doesn't allow you to use .htaccess files in this way, AND can't
provide you with a directory outside the document root for placing sensitive
files, then I'd recommend switching hosts, because they clearly don't have
an understanding of what you need.


FYI, having a .htaccess file, or storing items above your doc root WILL NOT
PREVENT other users on the server accessing your files.  You need to ask
your ISP what sort of prevention methods they have in place for preventing
another user on your server gaining access to your files.


Justin French





on 24/07/02 1:07 PM, Sailom ([EMAIL PROTECTED]) wrote:

> I bought a web hosting service from a company named easyspace.com.  I have
> tried to ask them this question many times, but so far there has been no
> response from them at all.
>   Regarding the security issue of placing a password in a script that I
> brought up days ago, someone on this newsgroup suggested that I place such a
> script in a directory above the %public_html directory.  The problem is I do
> not know how to access such a directory.  Is it because the service I bought
> does not allow me to do it? Or, if it is accessible, how do I do it?
>
> I know this is a silly question but please help me.
>
> Sailom
 
 

