What level of security would this provide?

dlgilbert
Forum Newbie
Posts: 6
Joined: Wed Jun 19, 2002 7:03 am
Location: Pennsylvania, USA

Post by dlgilbert »

I'm writing an application that puts data files in a specific directory. Assuming the directory is NOT outside the web tree, would it provide an adequate level of security to put an .htaccess file in the data directory with "Deny from all" in it? There are no "web page" files in the data directory, just files that will be accessed by the application scripts.

I *can* put the data directory outside the web tree, but I've seen this done in another application and was intrigued.

Thanks for your help!
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

To my mind, that would be secure. The only worry I have is if you switch the site's servers to one without .htaccess files - it would be more portable to be outside the web tree. Plus, if you put it outside the tree, you just don't have to worry about it.
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

My only concern, on top of llimllib's comments: does your webserver have write permission to that directory? Does your application write data to this place while it's running, or is this only preloaded files by you? (This actually applies regardless of if the directory is in/out of the webtree.) If the answer to these questions is yes you just have to be extremely careful with trusting the data in the directory.
dlgilbert
Forum Newbie
Posts: 6
Joined: Wed Jun 19, 2002 7:03 am
Location: Pennsylvania, USA

Post by dlgilbert »

The top-level directory would be created manually and the webserver would have write access to it. The application would create subdirectories and write data files (and update them) dynamically. The same would apply if the directories were outside the web tree.

Basically, I'm using text files to store data instead of using MySQL, because the quantity of data is pretty small and I want the app to have as little dependence on other systems as possible.
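
The setup discussed in this thread, as an added example that is not code from any of the posters: a data directory inside the web tree that carries its own deny-all `.htaccess`, with writes restricted so the application cannot leave the directory or overwrite the `.htaccess` it depends on. `DATA_DIR`, the function names and the sample file name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical location inside the web tree; outside it, no .htaccess is needed.
const DATA_DIR = __DIR__ . '/data';

// Deny-all rules for Apache 2.4 (Require) and Apache 2.2 (Order/Deny).
const HTACCESS_RULES = <<<'EOT'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
EOT;

// Create the directory (owner-only) and make sure the deny rule is in place.
function ensure_data_dir(string $dir = DATA_DIR): string
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }
    if (!is_file($dir . '/.htaccess')) {
        file_put_contents($dir . '/.htaccess', HTACCESS_RULES . "\n", LOCK_EX);
    }
    $real = realpath($dir);
    if ($real === false) {
        throw new RuntimeException("cannot resolve $dir");
    }
    return $real;
}

// Write a data file. Every path segment must start with a letter, digit, '_' or
// '-', which rejects '..', absolute paths and dot-files such as .htaccess.
function write_data(string $base, string $name, string $contents): string
{
    foreach (explode('/', $name) as $segment) {
        if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9_.-]*$/D', $segment)) {
            throw new InvalidArgumentException("rejected data file name: $name");
        }
    }
    $path = $base . '/' . $name;
    if (!is_dir(dirname($path)) && !mkdir(dirname($path), 0700, true)) {
        throw new RuntimeException('cannot create ' . dirname($path));
    }
    file_put_contents($path, $contents, LOCK_EX);
    return $path;
}

echo write_data(ensure_data_dir(), 'notes/entry-001.txt', "constructed sample\n"), "\n";
```

Apache only honours these rules when `AllowOverride` for that directory permits them (`AuthConfig` for `Require`, `Limit` for `Order`/`Deny`); with `AllowOverride None` the `.htaccess` is ignored and the files are served. Requesting one of the data files over HTTP and confirming a 403 response is the check that the rule is actually in effect.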