file access

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
SidewinderX
Forum Contributor
Posts: 407
Joined: Fri Jul 16, 2004 9:04 pm
Location: NY

file access

Post by SidewinderX »

sweet, my script finally works with no errors! But now that the script is done i would like to fix some security issues. My first question is how do i restrict access to a file? for example config.php. Although the only data in there is stored as variables I would like it so if someone points to the file they get a message like "Sorry, You cannot access this file directley."
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

what I do on my sites is

Code: Select all

define('IN_SITE',true);
include('config.php');

Code: Select all

if !defined('IN_SITE') {
  exit('You cannot access this file directly');
}
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I place them outside the pubwww directory.
Post Reply