Page 1 of 1

require() denial

Posted: Sat Nov 15, 2003 3:47 pm
by EricS
I have a configuration file I use with all my applications. This configuration file has things like physical paths but it also has things like Database usernames and passwords in it.

Now some of the hosting companies my clients use will not allow me to store files outside the document root. So I obviously want to protect that file from being included by mischievious coders.

How can I keep outside scripts from calling this file.

Thanks for everything.

Posted: Mon Nov 17, 2003 2:45 am
by twigletmac
Get it to check which server it's being called from - you'll probably find a number of things in $_SERVER which you could use. There's also the storing the file in a strangely named directory approach (i.e. not putting it in an includes directory) and giving the file itself an unobvious name.

Mac

Posted: Mon Nov 17, 2003 8:56 am
by EricS
Thanks Twig,

I had a feeling there probably wasn't any guaranteed way to do it. But I appreciate the advice.