Read this -- it got me well and truely pointed in the right direction
http://zend.com/zend/trick/tricks-august-2001.php
Justin
On Friday, July 18, 2003, at 01:36 AM, Juan Nin wrote:
I need to do the same and a .htacces file would not suite the problem
I need to do as yahoogroups does
When you
Maria Garcia Suarez <[EMAIL PROTECTED]> wrote:
> Hi there!
>
> I'm developing an application to which you can upload
> files. Right now the destination folder of those files
> is at /public_html/files which makes them visible from
> the internet.
>
> I thought of putting that ./files/ folder outs
I need to do the same and a .htacces file would not suite the problem
I need to do as yahoogroups does
When you upload a file to the Files section, it send by default an e-mail to
the group members with a link to the file
When you click on the link, you're sent to a login page, and after login in
Petre Agenbag wrote:
If you place files inside a webfolder, then they are publicly
accessible, period.
Not true. .htaccess turns a "public" directory into a "private"
directory. Even if you know the path and filename you want, without an
accepted username/password, you're not getting the file.
If you place files inside a webfolder, then they are publicly
accessible, period.
They might not be obvious, ie. you would have to guess that there are
files in a specific folder AND know the exact name of the file, but if
you do happen to guess correct, then the files are downloadable.
There are
Place a .htaccess in the files directory denying all access to it, and also
possibly redirecting them to a login page. However since your users should
never know about the files/ directory there is no real point :)
Then code a PHP script to serve the files just in the same way you would if
they we
If the script is readable by the web server (which it must be in order
to be parsed) and the web server only runs as one user (which it usually
does) then your scripts will be readable by other users on the same
server and anyone with command line or telnet/ssh access will have at
least read-only s
I wonder though, if they're on a the same server but different sites. Like a
shared host environment. Aw the things the bewilder the mind.
Nate
"Bryan Lipscy" <[EMAIL PROTECTED]> wrote in message
01c2d710$81a68e20$6301a8c0@ukiuki">news:01c2d710$81a68e20$6301a8c0@ukiuki...
> That is called
That is called Cross-Site Scripting (XSS).
I have not been able to get access to the variables via an XSS exploit.
It appears that Apache renders the php code before sending off the
requesting include function.
I also like the .htaccess way of preventing user access to the scripts.
This is also wo
Just something that crossed my mind a few times. What if another website
includes this file in their own php page. That site can't access those
variables can they? (I'm sure PHP wouldn't allow that but I need to put this
curiousity to rest)
Nate
"Bryan Lipscy" <[EMAIL PROTECTED]> wrote in message
L PROTECTED]>
Sent: Monday, February 17, 2003 5:40 PM
Subject: Re: [PHP] Protecting files
> My preference
>
> 1. if possible, store the files above your public_html directory (doc
> root)... this means they cannot be over http:// by apache, if that isn't
> possible:
>
&g
My preference
1. if possible, store the files above your public_html directory (doc
root)... this means they cannot be over http:// by apache, if that isn't
possible:
2. use .htaccess to either block the entire directory of includes, or all
*.inc files, or whatever you think is best. Personally,
Try putting your files config files in a directory outside of the root
web directory and access the files via the include_path directive in the
php.ini file.
If you dont have access you can add create a .htaccess file or set the
configuration in a php script that is run before your other scripts.
CAPS
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported
>(front page)/used by other applications other than my site...
>can this be done by htaccess? is so , could anyone point me into right
>direction?
I have
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported
>(front page)/used by other applications other than my site...
>can this be done by htaccess? is so , could anyone point me into right
>direction?
I have ren
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported
>(front page)/used by other applications other than my site...
>can this be done by htaccess? is so , could anyone point me into right
>direction?
I have ren
If you want to hide the content of an .inc or other file that contains PHP
code simply rename it with a .php
ie: config.inc becomes config.inc.php
the server will parse the file as PHP now and not allow users to download
it...
Alternatively you can protect a directory with a .htaccess file if yo
On Mon, 17 Feb 2003 15:32:31 -0600 (CST), Greg Donald
<[EMAIL PROTECTED]> wrote:
On Mon, 17 Feb 2003, PR wrote:
How can I protect my php files among other files like templates
(.inc) and mysql config (config.inc) files being copied/read/imported
(front
page)/used by other applications other t
On Mon, 17 Feb 2003, PR wrote:
>How can I protect my php files among other files like templates
>(.inc) and mysql config (config.inc) files being copied/read/imported (front
>page)/used by other applications other than my
>site...
>
>can this be done by htaccess? is so , could anyone point me int
> I have some files off of the web root which I'd like to be able to
serve
> up
> to users (*.doc, *.xls). I know I can do this with header(), but how
do I
> reference a file that's outside of the webroot? Thanks!
You can use an absolute or relative path, just like any other reference.
Send the
On Monday 29 October 2001 07:37 am, you wrote:
> what is the script that was mentioned a while back that you use to
> allow apache access to a directory that has all world/group access
> turned off. I
php-cgiwrap.
--kurt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mai
21 matches
Mail list logo
