Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
I want to store a key in a file and keep it protected. I don't wish to password protect it b/c it is assumed that users on the shared server will already have access to the DB info and there is no way of getting around that.
What should do the trick is a .htaccess file that can reject users coming from anywhere but a specific URL like [mysite.com...] Unfortunately I'm a n00b when it comes to .htaccess. Is this possible?
FYI, a 700 directory owned by the webserver will be created and the file with the key placed within. This will lock out any users other than the webserver. The purpose of the .htaccess will be to stop the clever folks that know to simply fopen in PHP to look at anything owned by the webserver. The sensitive code in access.php is already locked down.
p.s. I strongly recommend using phpBB for forum software, but I'm biased :p
This thread [webmasterworld.com] will get you started I think. Pay attention to the <Limit GET> suggestions since I think this approach will do the job for you.
Post your solution and our regulars are usually happy to help you debug it!