Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

locking down file access in a shared env

7:46 pm on Aug 28, 2003 (gmt 0)

New User

10+ Year Member

joined:Aug 28, 2003
votes: 0

Hello WebmasterWorld ;)

I want to store a key in a file and keep it protected. I don't wish to password protect it b/c it is assumed that users on the shared server will already have access to the DB info and there is no way of getting around that.

What should do the trick is a .htaccess file that can reject users coming from anywhere but a specific URL like [mysite.com...] Unfortunately I'm a n00b when it comes to .htaccess. Is this possible?

FYI, a 700 directory owned by the webserver will be created and the file with the key placed within. This will lock out any users other than the webserver. The purpose of the .htaccess will be to stop the clever folks that know to simply fopen in PHP to look at anything owned by the webserver. The sensitive code in access.php is already locked down.

Thank you!
-Nuttzy ;)

p.s. I strongly recommend using phpBB for forum software, but I'm biased :p

2:08 am on Sept 1, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 21, 1999
votes: 0

Welcome to WebmasterWorld Nuttzy99! :)

This thread [webmasterworld.com] will get you started I think. Pay attention to the <Limit GET> suggestions since I think this approach will do the job for you.

Also, check out Apache's .htaccess howto [httpd.apache.org] and specifics on all of the Apache directives is here [httpd.apache.org].

Post your solution and our regulars are usually happy to help you debug it!


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members