I'm trying to make some part of my website password protected. Schedules, client infos, etc.
My idea is to build a skeleton page and include the content from a folder. The content inc filename would be saved in a database and pulled for a specific user.
Because the php part of my code cannot be viewed, the directory should be safe as long as I don't provide a link to download any files from there.
Am I right?
Thanks.
is this secure?
Moderator: General Moderators
I believe that's called Security through Obscurity. I find it to be bad practice. People may not be able to find the files... but they are out in the open regardless.
- speedy33417
- Forum Contributor
- Posts: 128
- Joined: Sun Jul 23, 2006 1:14 pm
this question comes up a lot and i think (if im right) that it wouldnt really matter where you put the file because as long as its php data,it will be parsed and if it does not echo anything,you shouldnt leak anything.
to my knowelge if i were to put that into a file and then try to access it from my broswer,it would just bring up a white blank window
Code: Select all
<?php
mysql_connect(host,user,pass);
?>if you have reason to protect it, protect it. If you want anyone to have access to it: don't.
http://www.php.net/features.http-auth
http://www.php.net/features.http-auth