I have some scripts that are executed via url (server is apache).
I also have a php script that does some defines and initialises some variables that contain info about a local mysql server - hostname, login name, password, etc) that are required by the scripts. I 'require' the initialisation script within the user scripts.
my web server home is /var/www and the scripts live in /var/www/userdir/phpscripts
I have placed the initialisation script at /var/initscript.
If I set doc_root to /var then I can load the init script as an include or require in the user scripts. If I set doc_root to /var/www then I can't access the init script (as expected).
The question is, what is best practice for including/requiring scripts or data files that contain sensitive data? I suspect it is unsafe to set doc_root to /var as presumably that would allow a nasty to access other files above my web root. Is there some way that I can set doc_root to /var/www while still allowing access to a specific directory or file that lives above/outside doc_root ?
a bit of confusion re: doc_root and user_dir
Moderator: General Moderators
- AbraCadaver
- DevNet Master
- Posts: 2572
- Joined: Mon Feb 24, 2003 10:12 am
- Location: The Republic of Texas
- Contact:
Re: a bit of confusion re: doc_root and user_dir
Why won't this work (works for me)? What error do you get?
/var/www/userdir/phpscripts/test.php
--or--
-Shawn
/var/www/userdir/phpscripts/test.php
Code: Select all
include("/var/initscript/init.php");Code: Select all
ini_set('include_path', ini_get('include_path') . ':/var/initscript');
include("init.php");mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.