Welcome to WebmasterWorld Guest from 50.16.78.128

Forum Moderators: phranque

Message Too Old, No Replies

locking down file access in a shared env

   
7:46 pm on Aug 28, 2003 (gmt 0)

10+ Year Member



Hello WebmasterWorld ;)

I want to store a key in a file and keep it protected. I don't wish to password protect it b/c it is assumed that users on the shared server will already have access to the DB info and there is no way of getting around that.

What should do the trick is a .htaccess file that can reject users coming from anywhere but a specific URL like [mysite.com...] Unfortunately I'm a n00b when it comes to .htaccess. Is this possible?

FYI, a 700 directory owned by the webserver will be created and the file with the key placed within. This will lock out any users other than the webserver. The purpose of the .htaccess will be to stop the clever folks that know to simply fopen in PHP to look at anything owned by the webserver. The sensitive code in access.php is already locked down.

Thank you!
-Nuttzy ;)

p.s. I strongly recommend using phpBB for forum software, but I'm biased :p

2:08 am on Sep 1, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to WebmasterWorld Nuttzy99! :)

This thread [webmasterworld.com] will get you started I think. Pay attention to the <Limit GET> suggestions since I think this approach will do the job for you.

Also, check out Apache's .htaccess howto [httpd.apache.org] and specifics on all of the Apache directives is here [httpd.apache.org].

Post your solution and our regulars are usually happy to help you debug it!

 

Featured Threads

Hot Threads This Week

Hot Threads This Month