TheBestBigAl

Reputation: 1230

How to make a folder which contains php scripts into a private folder?

Not sure how to better phrase the title.

We have an iOS game which connects with a MySQL database on our VPS via PHP. Now we don't know a great deal about the server side of things, so we got it all working, the game is released and people are able to update their scores etc.

The problem is that the only way we were able to get it all to work was to put our game directory into our public_html directory. This means that if anyone types www.ourwebsitename/gamefoldername into a browser they get the index of that folder. If you click one of the folders in there, it actually returns a table with all of the data in our database, which is obviously not secure.

Is there a way to make this directory private, and if so how would this affect our app when it tries to connect to the server?

Upvotes: 0

Views: 1848

Answers (3)

Jimmy Thompson

Reputation: 1004

Making the folder private would require your app to provide authentication in order to access the pages. Many web servers provide built-in privacy options for folders (using .htaccess files to hide folder contents is a start). How much effort you want to put into protecting this data is only limited by time and your skills as a developer.

If the data you're holding on to is not that valuable, nothing stops you from placing a simple conditional if( $_POST["auth"] != XXXXX ) (or you could use GET) at the top of your PHP files which serve your database and then modifying your HTTP requests on your app to provide said key when making requests.

Upvotes: 1
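The shared-key check suggested in the answer above, written out as an added example (not code from the original post or from the asker's project). The file name `auth_guard.php`, the function `request_is_authorized()` and the `GAME_API_KEY` environment variable are assumptions; it takes the key from POST so the value does not end up in URLs and access logs.

```php
<?php
// auth_guard.php (hypothetical name): require this at the top of every
// script in the game folder that reads or writes the database.
declare(strict_types=1);

/**
 * True only when the request body carries the expected shared key.
 * $post is the parsed body ($_POST); $expected is the server-side secret.
 */
function request_is_authorized(array $post, string $expected): bool
{
    $supplied = $post['auth'] ?? '';
    // Reject array input (auth[]=x) and empty values; an unset
    // server-side key must never authorize anything.
    if (!is_string($supplied) || $supplied === '' || $expected === '') {
        return false;
    }
    // hash_equals() compares in constant time and, unlike != or ==,
    // is not subject to PHP's loose type juggling.
    return hash_equals($expected, $supplied);
}

// Assumption: the key is defined outside public_html (for example in
// the virtual host configuration) and exposed as GAME_API_KEY.
// getenv() returns false when unset, which becomes '' and fails closed.
$expectedKey = (string) getenv('GAME_API_KEY');

if (PHP_SAPI !== 'cli') {
    $isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
    if (!$isPost || !request_is_authorized($_POST, $expectedKey)) {
        http_response_code(403);
        header('Content-Type: text/plain');
        exit("Forbidden\n");
    }
    // Authorized: the including script continues from here.
} else {
    // Command-line self-check with constructed inputs.
    var_dump(request_is_authorized(['auth' => 'sample-key'], 'sample-key'));
    var_dump(request_is_authorized(['auth' => 'wrong'], 'sample-key'));
    var_dump(request_is_authorized(['auth' => ['x']], 'sample-key'));
    var_dump(request_is_authorized([], ''));
}
```

A key shipped inside the app can be recovered from the app itself, so this check keeps casual browser visitors out of the scripts rather than authenticating individual players.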

Deep123

Reputation: 391

There are a lot of ways to prevent this:

Some are below.

1) Put an index.php in this and every folder www.ourwebsitename/gamefoldername, and this file should redirect the user who provides this URL to the main/login page. This is simple but not a great way.

2) Use an .htaccess file: http://www.htaccess-guide.com/redirects/ . Please get details from here.

Upvotes: 3

jeroen

Reputation: 91742

If your app accesses the server via normal http requests that means that anybody could do the same from a browser.

You need to make sure that all pages are behind a login system so that only authenticated users have the permissions to do what they can also do from the app itself.

That would seem the easiest way to go if you don't know a lot about the server side of things.

Upvotes: 1
