[snip]
In another thread [How do you protect individual files], Justin French stated:

"In real short, you want to store the files outside your htdocs root (so they can't be served by http) . . ."

My PHP setup serves files from DOCUMENT_ROOT=/var/www/html. If I place files in '/var/www/html/secure' would this provide any isolation for file access? Am I correct in thinking that 'below' is not the same as 'outside' doc_root, and that in this case, no protection would be afforded?
[/snip]

Yes, and no. 'Secure' is below the root and is therefore less protected. However, you can still use .htaccess directives to control the 'secure' directory much more closely. The path could be hacked, but if there is a requirement to log in to that folder (because of .htaccess directives) then the hacker will still have to come up with appropriate authentication.

If the root is /var/www/html then outside of the root could be /var/www/secure so that the path cannot be hacked from the browser, but you should still apply appropriate restrictions.

HTH!

Jay

--
PHP General Mailing List (http://www.php.net/)

