Cyberlurk

Reputation: 764

Securing a text file in a website folder

I have several folders in my website directory which contain text files called "secure.txt". For security reasons the URLs of these files are never shown in the web browser, but my website searches for these files (PHP code), which contain sensitive information.

How can I make the PHP code allowed to read these files but restrain access through the URL, so a potential hacker wouldn't be able to read the content of these files?

Upvotes: 0

Views: 1352

Answers (6)

Eugen Rieck

Reputation: 65274

Old trick for that: Prefix the files with <?php die("I'm afraid I can't do that, Jim"); ?>, and call them *.php. On parsing, ignore the prefix.

Edit

Why do this? The rationale behind it is that you avoid a dependency on some special webserver configuration, which can be forgotten (on moving to a new server), unavailable (many cheap hosts don't give you .htaccess), not applicable to some webserver software (IIS) etc.

So the reasoning is to trade some computational overhead against flexibility, portability and platform independence.

Upvotes: 1

Jay Bhatt

Reputation: 5651

Put them outside your document root folder and place the following .htaccess file in the folder you want to protect. Also, if you don't want to access it through a particular IP, remove the last line.

order deny,allow
deny from all
allow from 192.168.0

[EDIT:] To allow PHP scripts, etc., allow localhost (127.0.0.1)

order deny,allow
deny from all
allow from 127.0.0.1

Upvotes: 2

Alex Shesterov

Reputation: 27525

If you use Apache, deny access to all files named secure.txt from within httpd.conf:

<Files secure.txt>
  deny from all
</Files>

You may do the same via .htaccess files as well (if your server is configured to allow overriding access rights from .htaccess).

But a better solution would be to include the sensitive information into your PHP scripts themselves, or to store it in a database.

Upvotes: 0

pschichtel

Reputation: 779

I'd suggest moving the files out of the webroot to be on the safe side.

Upvotes: 0

JoLoCo

Reputation: 1375

Can you move them out of your website directory altogether? If so, then make sure PHP has access to that directory! (The open_basedir value will need to include it.)

Upvotes: 0
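Reading secure.txt from a directory outside the document root, as suggested in the answers above; this is an added example, not code from any of the answers. The paths, the `PRIVATE_BASE` constant, the `read_secure_file` function and the section name are all hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed layout (hypothetical paths, not from the page):
//   /var/www/example/public   <- document root served by the web server
//   /var/www/example/private  <- holds <section>/secure.txt, never served
const PRIVATE_BASE = '/var/www/example/private';

/**
 * Return the contents of <base>/<section>/secure.txt.
 * $section is a folder name such as "billing" (hypothetical).
 */
function read_secure_file(string $section, string $base = PRIVATE_BASE): string
{
    // Accept a plain folder name only, so "../" and absolute paths are rejected.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $section)) {
        throw new InvalidArgumentException('Invalid section name');
    }

    // realpath() returns false if the directory is missing or if
    // open_basedir is set and does not include it.
    $baseReal = realpath($base);
    if ($baseReal === false) {
        throw new RuntimeException('Private directory missing or blocked by open_basedir');
    }

    // Refuse to run if the "private" directory is actually inside the webroot.
    $docRootRaw = $_SERVER['DOCUMENT_ROOT'] ?? '';
    $docRoot = $docRootRaw !== '' ? realpath($docRootRaw) : false;
    if ($docRoot !== false
        && strpos($baseReal . DIRECTORY_SEPARATOR, $docRoot . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Private directory is inside the document root');
    }

    // realpath() resolves symlinks; the result must still sit under the base.
    $path = realpath($baseReal . DIRECTORY_SEPARATOR . $section . DIRECTORY_SEPARATOR . 'secure.txt');
    if ($path === false || strpos($path, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('secure.txt not found for this section');
    }

    $data = file_get_contents($path);
    if ($data === false) {
        throw new RuntimeException('secure.txt could not be read');
    }
    return $data;
}
```

If `open_basedir` is set, its value has to list the private directory as well as the webroot, otherwise the `realpath()` call on the base fails.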

Ivan Yonkov

Reputation: 7034

You should put them in another folder and make the .htaccess deny from all, allow from 127.0.0.1

Upvotes: 1
