a bit of confusion re: doc_root and user_dir
Posted: Thu Nov 05, 2009 3:11 pm
I have some scripts that are executed via URL (server is Apache).
I also have a PHP script that does some defines and initialises some variables that contain info about a local MySQL server (hostname, login name, password, etc.) that are required by the scripts. I 'require' the initialisation script within the user scripts.
My web server home is /var/www and the scripts live in /var/www/userdir/phpscripts.
I have placed the initialisation script at /var/initscript.
If I set doc_root to /var then I can load the init script as an include or require in the user scripts. If I set doc_root to /var/www then I can't access the init script (as expected).
The question is, what is best practice for including/requiring scripts or data files that contain sensitive data? I suspect it is unsafe to set doc_root to /var, as presumably that would allow a nasty to access other files above my web root. Is there some way that I can set doc_root to /var/www while still allowing access to a specific directory or file that lives above/outside doc_root?