Hello Melanie,

The simplest way to do it: name your files db_connections.inc.PHP. Then these files will be parsed by the server, and since they don't generate any output (or do they?) the user will be presented with a blank page. If they do generate output, all vars will be hidden.

If you use .ini files to store connection information, then add a comment line at the beginning and add a php extension to it, so the file looks like this:

;// Connection configuration file.
; <?php die(); ?>
[MySQL]
database = ...
etc

parse_ini_file will skip the comment line, and if the file is called directly it will show only the text that was before the call to die() was made.

Of course you can .htaccess the directory, but then you definitely need to rearrange the directory structure, because all directories inside of the .htaccess-protected dir will be protected as well.

Hope that helps!

P.S. Your config files still CAN be readable, but it will be much, much harder now and it requires access to the web server on which the files are located... (to keep your paranoia growing :))

Friday, August 16, 2002, 2:33:14 PM, you wrote:

MP> Hi

MP> My current site is constructed as
MP> root
MP> root/connections
MP> root/books

MP> with connections holding the db connections inc files for the php
MP> scripts
MP> and
MP> books holding all the scripts and image directories etc

MP> I would like to prevent the connections directory from being
MP> downloaded/accessed for obvious reasons.

MP> It seems I can prevent access by http:// via my hosting service
MP> passwording the directory but this doesn't seem to protect against
MP> website nabber programs such as black widow and the rest (or does
MP> it?). Some guidance would be much appreciated. Should I construct the
MP> site layout differently perhaps? Maybe put the connection directory
MP> in its own subdomain?

MP> regards
MP> Melanie
MP> (growing more paranoid the more I get into this web site security
MP> issue)

-- 
Best regards,
 German mailto:[EMAIL PROTECTED]
ICQ:48533867
MSN: [EMAIL PROTECTED]
AIM: CreepyRunneR

The WDVL Discussion List from WDVL.COM
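
An added example, not part of the original message: a small PHP check for the guarded .ini approach described in the reply above. It verifies that a config file has a .php extension, carries the die() comment line before its first setting, and still loads through parse_ini_file(). The helper name audit_config() is hypothetical, and the file names, keys and values are constructed sample data.

```php
<?php
// Added example. audit_config() is a hypothetical helper; sample files are constructed.

/** Return a list of problems for one config file (empty list means OK). */
function audit_config(string $path): array
{
    $problems = [];

    // 1. The guard only runs if the web server hands the file to PHP.
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'php') {
        $problems[] = 'no .php extension: served as plain text if requested';
    }

    // 2. The guard must be on a ';' comment line before the first section or
    //    key; anything above it is still sent to the client before die() runs.
    $guardSeen = false;
    foreach (file($path, FILE_IGNORE_NEW_LINES) as $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        if ($line[0] !== ';') {
            break; // first real setting reached without seeing the guard
        }
        if (preg_match('/<\?php\s+(die|exit)\s*(\(\s*\))?\s*;\s*\?>/i', $line)) {
            $guardSeen = true;
            break;
        }
    }
    if (!$guardSeen) {
        $problems[] = 'no "; <?php die(); ?>" line before the first setting';
    }

    // 3. The guarded file must still be usable as configuration.
    if (@parse_ini_file($path, true) === false) {
        $problems[] = 'parse_ini_file() rejects the file';
    }
    return $problems;
}

// Constructed sample data: one guarded file, one unguarded file.
$dir = sys_get_temp_dir() . '/cfg_audit_' . getmypid();
@mkdir($dir);
$guard = ";// Connection configuration file.\n; <?php die(); ?>\n";
file_put_contents("$dir/db_connections.ini.php", $guard . "[MySQL]\ndatabase = books\n");
file_put_contents("$dir/db_connections.ini", "[MySQL]\ndatabase = books\n");
foreach (glob("$dir/*") as $file) {
    $found = audit_config($file);
    echo basename($file), ': ', $found ? implode('; ', $found) : 'OK', "\n";
    unlink($file);
}
rmdir($dir);
```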
