Current status: I have to set 606 for my foobaa.txt.

I wrote some PHP code that reads and writes foobaa.txt,

and I want to make the permission of foobaa.txt 600.

But when I tested 600, the PHP code cannot read and write foobaa.txt.

So I changed foobaa.txt to 606, and then my PHP code can read and write foobaa.txt.

This is a problem, because

when someone enters

ttp://blabla.foobaa.com/foobaa.txt

directly, then he can see the contents of the foobaa.txt.

This is a security hole.

So I want to set the permission of foobaa.txt to 600, but if I do so, the PHP code cannot read and write foobaa.txt.

I think the admin can modify some Apache settings so that we can set the txt file's permission to 600.

Or do I have to do some other things?

Like .htaccess or something.

+2  A: 

You could restrict access through .htaccess:

<Files foobaa.txt>
    Deny from all
</Files>

or something similar. But this isn't perfect... better would be moving the file outside your public_html (or equivalent) folder.

grawity
Oh, that's great! I completely forgot to use outside of public_html. Thanks!
+8  A: 

Your PHP code runs as the web server, not the user that is SSH'ing into the account and changing the permissions. So if the text file is readable by the script, it is readable by the server. You will want to control outside users' access to the file by one of a couple of methods.

  1. Put the file outside your DocumentRoot, so that the script can access it, but it's impossible to request by HTTP.

  2. Put the file in a directory with a .htaccess file that reads simply Deny From All. You could also protect the file individually, but it's likely that you'll have other, related files that should be kept private. You can just put those in the same directory.

Paul Fisher
Thanks! I got
"web server" means Apache? "runs as web server" means that my PHP code runs yelling that "Hey! I am Apache! Hey! I am Apache! Hey! I am Apache!"
SSH = FTP?
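
A check for the two conditions discussed in the question and answers above (the data file sitting inside the DocumentRoot, and permission bits for "other" such as the last 6 in 606), as an added shell example that is not part of the original posts. The `file_mode` and `audit_data_file` helpers and the `public_html`/`private` directory names are hypothetical, and the tree it inspects is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a data file that a PHP script reads and writes.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_data_file DOCROOT FILE
# Prints one finding per line; returns 0 only when there are no findings.
audit_data_file() {
    docroot=$(cd "$1" && pwd -P) || return 2
    dir=$(cd "$(dirname "$2")" && pwd -P) || return 2
    mode=$(file_mode "$2") || return 2
    findings=0

    # A file under the DocumentRoot can be requested by URL
    # unless a Deny rule covers it.
    case "$dir/" in
        "$docroot"/*) echo "INSIDE_DOCROOT $2"; findings=1 ;;
    esac

    # Last octal digit = permissions for "other":
    # 606 grants read and write to every local account.
    other=${mode#"${mode%?}"}
    if [ "$other" -ne 0 ]; then
        echo "OTHER_ACCESS $2 mode=$mode"; findings=1
    fi
    return "$findings"
}

# Constructed demo: a throwaway tree mirroring the question's layout.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/public_html" "$t/private"
    : > "$t/public_html/foobaa.txt"; chmod 606 "$t/public_html/foobaa.txt"
    # 600 works once the file is owned by the account PHP runs as.
    : > "$t/private/foobaa.txt"; chmod 600 "$t/private/foobaa.txt"
    audit_data_file "$t/public_html" "$t/public_html/foobaa.txt" || true
    audit_data_file "$t/public_html" "$t/private/foobaa.txt" && echo "OK private/foobaa.txt"
    rm -rf "$t"
}
demo
```

The comparison is on resolved directory paths, so a sibling directory whose name merely starts with the DocumentRoot's name is not reported as inside it.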