I'm writing an application that puts data files in a specific directory. Assuming the directory is NOT outside the web tree, would it provide an adequate level of security to put an .htaccess file in the data directory with "Deny from all" in it? There are no "web page" files in the data directory, just files that will be accessed by the application scripts.
I *can* put the data directory outside the web tree, but I've seen this done in another application and was intrigued.
Thanks for your help!
What level of security would this provide?
Moderator: General Moderators
My only concern, on top of llimllib's comments: does your webserver have write permission to that directory? Does your application write data to this place while its running, or is this only preloaded files by you? (This actually applies regardless of if the directory is in/out of the webtree.) If the answer to these questions is yes you just have to be extremely careful with trusting the data in the directory.
- dlgilbert
- Forum Newbie
- Posts: 6
- Joined: Wed Jun 19, 2002 7:03 am
- Location: Pennsylvania, USA
- Contact:
The top-level directory would be created manually and the webserver would have write access to it. The application would create subdirectories and write data files (and update them) dynamically. The same would apply if the directories were outside the web tree.
Basically, I'm using text files to store data instead of using MySQL, because the quantity of data is pretty small and I want the app to have as little dependence on other systems as possible.
Basically, I'm using text files to store data instead of using MySQL, because the quantity of data is pretty small and I want the app to have as little dependence on other systems as possible.