Page 1 of 1

a bit of confusion re: doc_root and user_dir

Posted: Thu Nov 05, 2009 3:11 pm
by royhb
I have some scripts that are executed via url (server is apache).
I also have a php script that does some defines and initialises some variables that contain info about a local mysql server - hostname, login name, password, etc) that are required by the scripts. I 'require' the initialisation script within the user scripts.

my web server home is /var/www and the scripts live in /var/www/userdir/phpscripts

I have placed the initialisation script at /var/initscript.

If I set doc_root to /var then I can load the init script as an include or require in the user scripts. If I set doc_root to /var/www then I can't access the init script (as expected).

The question is, what is best practice for including/requiring scripts or data files that contain sensitive data? I suspect it is unsafe to set doc_root to /var as presumably that would allow a nasty to access other files above my web root. Is there some way that I can set doc_root to /var/www while still allowing access to a specific directory or file that lives above/outside doc_root ?

Re: a bit of confusion re: doc_root and user_dir

Posted: Thu Nov 05, 2009 3:42 pm
by AbraCadaver
Why won't this work (works for me)? What error do you get?

/var/www/userdir/phpscripts/test.php

Code: Select all

include("/var/initscript/init.php");
--or--

Code: Select all

ini_set('include_path', ini_get('include_path') . ':/var/initscript');
include("init.php");
-Shawn