No... Even Worse...and much stupider ;)
The php folder I was using for the test project [within the document
root] did not have ANY htaccess protection
He just opened up the folder in the browser.
That folder had an old version of my 'crucial_smil_functions.php' script
He got access to that
The real 'crucial_smil_functions.php' script is outside the
document root
/home/siren/includes/crucial_smil_functions.php
the script within the document root that accesses the above:
/home/siren/www/siren/reel/Library/php/smil.php
kind of like building a fort and forgetting to lock the front door
g
On Oct 15, 2005, at 3:04 AM, Chris Shiflett wrote:
> Graham Anderson wrote:
>> my htaccess file for the folder containing the php script was not
>> set properly
>
> What does that mean? Are you telling us that /home/siren/includes/
> is within document root? If it's not, do you link to it from within
> document root?
>
> Do not store includes within document root. Using .htaccess can
> prevent the direct access, but you're still taking an unnecessary
> risk.
>
> Chris
>
> --
> Chris Shiflett
> Brain Bulb, The PHP Consultancy
> http://brainbulb.com/
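
An audit for the mistake described in this thread, added here as an example (not code from either poster): it reports files under the document root that share a name with a file in the private includes directory, such as the old copy of crucial_smil_functions.php, and separates leftover copies from symlinks. The document root /home/siren/www, the extension list and all function names are assumptions.

```python
import hashlib
import os

INCLUDE_EXTS = (".php", ".inc")  # assumption: extensions used for include files

def is_inside(path, root):
    """True if path resolves (symlinks followed) to a location under root."""
    real, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([real, root]) == root

def _by_name(root):
    """Map basename -> full paths of include-type files under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(INCLUDE_EXTS):
                found.setdefault(name, []).append(os.path.join(dirpath, name))
    return found

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit(docroot, includes_dir):
    """Return (kind, path) findings for include code reachable under docroot."""
    findings = []
    if is_inside(includes_dir, docroot):
        findings.append(("includes-dir-inside-docroot", includes_dir))
    private = _by_name(includes_dir)
    for name, copies in sorted(_by_name(docroot).items()):
        if name not in private:
            continue
        hashes = {_sha256(p) for p in private[name]}
        for copy in sorted(copies):
            if is_inside(copy, includes_dir):
                if not os.path.islink(copy):
                    continue  # the private file itself, already reported above
                kind = "symlink-to-include"
            elif _sha256(copy) in hashes:
                kind = "copy-identical"
            else:
                kind = "copy-differs"  # e.g. an old version left behind
            findings.append((kind, copy))
    return findings

if __name__ == "__main__":
    # Includes path as given in the thread; the document root is assumed.
    for kind, path in audit("/home/siren/www", "/home/siren/includes"):
        print(kind, path)
```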