Setting access permissions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Setting access permissions

Post by mjseaden »

Hi,

I have a couple of questions regarding setting permissions for how the public may access a file, and also how PHP may access files when executed publicly from the web root that do not reside within my web root directory.

I have a large series of '.inc' files in my project which contain PHP classes that implement my site's functionality (PHP5).

These '.inc' files are currently in the '/inc/' directory on my web root, so any PHP scripts on root get accessed via "include 'inc/myinclude.inc'".

The trouble is, when I place these files into IE/Firefox manually, they show up as text (I've sorted this out using .htaccess), and also, some of them contain sensitive information such as database passwords, which I certainly do not want to end up in the hands of the wrong types of people.

Can I either

(a) Place these .inc files outside of my webroot, for example in another directory on the same level of the hierarchy as webroot, leading to me including files using '../inc/myinclude.inc' - and would these .inc files then definitely be out of the hands of people viewing the site publicly, or:
(b) Restrict read access using permissions for the 'inc' directory in my webroot, without restricting access via PHP.

Many thanks
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews

Post by aaronhall »

It would be a better idea not to use .inc at all if you can help it.
mentor
Forum Contributor
Posts: 100
Joined: Sun Mar 11, 2007 11:10 am
Location: Pakistan

Post by mentor »

Or you can rename the .inc files as db.inc.php.
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

Both (a) and (b) are possible, and good suggestions!

Your .htaccess can deny HTTP access to certain file types, and PHP includes local filenames: include('../inc/something.inc'); will work, but be mindful of your PWD. For example, you can use include($_SERVER['DOCUMENT_ROOT'].'/../inc/something.inc');
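
Option (a) from the question, combined with the working-directory caveat in the reply above, as an added example that is not part of the original thread. The function name `private_include_path`, the `webroot/` and `inc/` sibling layout, and the `db.inc` contents are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumed layout:
//   <base>/webroot/   served by the web server (DOCUMENT_ROOT)
//   <base>/inc/       sibling directory, not reachable by URL
declare(strict_types=1);

/** Resolve an include by bare name inside $privateDir, or throw (hypothetical helper). */
function private_include_path(string $name, string $privateDir, string $docRoot): string
{
    $privateDir = realpath($privateDir);
    $docRoot    = realpath($docRoot);
    if ($privateDir === false || $docRoot === false) {
        throw new RuntimeException('include directory or document root missing');
    }
    // Option (a) only helps if the directory really is outside the web root.
    $sep = DIRECTORY_SEPARATOR;
    if ($privateDir === $docRoot || strpos($privateDir . $sep, $docRoot . $sep) === 0) {
        throw new RuntimeException('include directory is inside the web root');
    }
    // Bare file names only: no slashes, no "..".
    if (!preg_match('/\A[A-Za-z0-9_-]+\.inc\z/', $name)) {
        throw new InvalidArgumentException('unexpected include name');
    }
    // Absolute path, so the result does not depend on the current working directory.
    $path = realpath($privateDir . $sep . $name);
    // realpath() follows symlinks, so re-check containment on the result.
    if ($path === false || strpos($path, $privateDir . $sep) !== 0) {
        throw new RuntimeException('include not found in private directory');
    }
    return $path;
}

// Constructed demo layout in a temp directory so the script runs anywhere.
$base = sys_get_temp_dir() . '/inc_demo_' . getmypid();
mkdir("$base/webroot", 0700, true);
mkdir("$base/inc", 0700, true);
file_put_contents("$base/inc/db.inc", "<?php return ['user' => 'demo'];");

// On a real page: $docRoot = $_SERVER['DOCUMENT_ROOT']; $privateDir = $docRoot . '/../inc';
$config = require private_include_path('db.inc', "$base/inc", "$base/webroot");
echo $config['user'], "\n";

try {   // Same files placed under the web root are rejected.
    private_include_path('db.inc', "$base/webroot", "$base/webroot");
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```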
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Hi, thanks very much for your help.