Hi,
I have a couple of questions regarding setting permissions for how the public may access a file, and also how PHP may access files when executed publicly from the web root that do not reside within my web root directory.
I have a large series of '.inc' files in my project which contain PHP classes that implement my site's functionality (PHP5).
These '.inc' files are currently in the '/inc/' directory on my web root, so any PHP scripts on root get accessed via "include 'inc/myinclude.inc'".
The trouble is, when I place these files into IE/FireFox manually, they show up as text (I've sorted this out using .htaccess), and also, some of them contain sensitive information such as database passwords, which I certainly do not want to end up in the hands of the wrong types of people.
Can I either
(a) Place these .inc files outside of my webroot, for example in another directory on the same level of the hierarchy as webroot, leading to me including files using '../inc/myinclude.inc' - and would these .inc files then definitely be out of the hands of people viewing the site publicly, or:
(b) Restrict read access using permissions for the 'inc' directory in my webroot, without restricting access via PHP.
Many thanks
Setting access permissions
Moderator: General Moderators
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
both (a) and (b) are possible, and good suggestions!
your .htaccess can deny http access to certain file types, and php includes local filenames: include('../inc/something.inc'); will work, but be mindful of your PWD. For example you can use include($_SERVER['DOCUMENT_ROOT'].'../inc/something.inc');
your .htaccess can deny http access to certain file types, and php includes local filenames: include('../inc/something.inc'); will work, but be mindful of your PWD. For example you can use include($_SERVER['DOCUMENT_ROOT'].'../inc/something.inc');