RE: [PHP] Simple Security Clarification

2002-08-21 Thread Jay Blanchard
[snip] It's becoming clearer. But one question concerning: "the path could be hacked, but if there is a requirement to login to that folder (because of .htaccess directives) then the hacker will still have to come up with appropriate authentication." Since all sensitive files on my site require

Re: [PHP] Simple Security Clarification

2002-08-21 Thread Andre Dubuc
On Wednesday 21 August 2002 08:15 am, Jay Blanchard wrote: > [snip] > In another thread [How do you protect individual files], Justin French > stated: > > "In real short, you want to store the files outside your htdocs root (so > they > can't be served by http) . . ." > > My PHP setup serves files

Re: [PHP] Simple Security Clarification

2002-08-21 Thread Justin French
If you can't store stuff ABOVE your doc root, you can protect them with a .htaccess file. I use this to refuse all *.inc files from being served: Order Allow,Deny Deny from all With this in mind, a quick visit to the Apache site should get you started in the right direction. Justin

Re: [PHP] Simple Security Clarification

2002-08-21 Thread Stas Maximov
nt: Wednesday, August 21, 2002 1:11 PM Subject: [PHP] Simple Security Clarification > In another thread [How do you protect individual files], Justin French stated: > > "In real short, you want to store the files outside your htdocs root (so they > can't be served by http) . . .&q

RE: [PHP] Simple Security Clarification

2002-08-21 Thread Jay Blanchard
[snip] In another thread [How do you protect individual files], Justin French stated: "In real short, you want to store the files outside your htdocs root (so they can't be served by http) . . ." My PHP setup serves files from DOCUMENT_ROOT=/var/www/html. If I place files in '/var/www/html/secur

Re: [PHP] Simple Security Clarification

2002-08-21 Thread John Wards
: <[EMAIL PROTECTED]> Sent: Wednesday, August 21, 2002 1:11 PM Subject: [PHP] Simple Security Clarification > In another thread [How do you protect individual files], Justin French stated: > > "In real short, you want to store the files outside your htdocs root (so they > can&#x

[PHP] Simple Security Clarification

2002-08-21 Thread Andre Dubuc
In another thread [How do you protect individual files], Justin French stated: "In real short, you want to store the files outside your htdocs root (so they can't be served by http) . . ." My PHP setup serves files from DOCUMENT_ROOT=/var/www/html. If I place files in '/var/www/html/secure' wo