At 4:56 PM -0500 4/13/07, Richard Lynch wrote:
Put the files outside the webtree, and have a PHP script that controls
access and is your gate-keeper.
Richard:
How secure is this:
http://sperling.com/a/pw
There are seven files there, namely:
http://sperling.com/a/pw/.htaccess
http://sperling.com/a/pw/a.php
http://sperling.com/a/pw/b.php
http://sperling.com/a/pw/auth.php
http://sperling.com/a/pw/index.php
http://sperling.com/a/pw/girl.gif <-- not protected.
http://sperling.com/a/pw/girl.jpg <-- protected, but well worth the effort.
Are any of these files accessible, even when you know the path? And
by "accessible" I mean can you obtain any information that the files
contain?
For example, if I were to tell people to store their user id and
password in a configuration php file with a known path, would it be
safe? I realize that if the server is breached then nothing is safe,
but barring that -- how safe would that be?
Thanks,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
