Page 1 of 1
Folder access by website only?
Posted: Fri Aug 01, 2003 7:31 pm
by Gen-ik
This is probably really simple to do but I haven't needed to do it before, and now that I do I realise I don't know how
Anyways.. how do I go about making a folder (used by the website to include files) only accessable by the website pages, and not by joe public?
I've got a sneeky feeling it's got something to do with $HTTP type stuff.
Answers or pointers always recieved with open arms

Posted: Fri Aug 01, 2003 7:35 pm
by nielsene
Do you mean protect from local users on the machine? or from random web surfers?
If the latter why not but the include files outside the web-tree? If the former you should be able to change the owner or group of the include file to the web-server and remove the "other" read access. (If *nix)
Posted: Fri Aug 01, 2003 7:54 pm
by Gen-ik
Basically what I'm trying to do is prevent JavaScript file access by anyone.
The way I'm doing it at the moment is using this in the webpage..
Code: Select all
<script language="JavaScript" src="socket.js"></script>
..and the socket.js file contains..
Code: Select all
document.write("<script language="JavaScript" src="inc/myscript.js"></script>");
..what that does is include the myscript.js file as normal but it doesn't get cached or displayed in the page.
Now it's obvious (if people look at the files) to find the location of myscript.js... which is in the inc folder. At the moment anyone can just enter the path of the file in the browser and get access to the file, but I want to make that inc folder locked and only accessible when the website page requires files from it.
I'm thinking that if I stick a username/password on the folder then I might be able to get PHP to tell the folder the username and password when it accesses it... thus allowing access to the files by the web page and not by joe public.
Hope that makes sense

Posted: Fri Aug 01, 2003 8:03 pm
by nielsene
Hmm, I think I understand what you're asking. However its outside my area of experience. (Don't do javascript). I know that the src=part must be within the webtree so that kills the one idea I listed above.
Good luck.