i am using apache server and presently when i try accessing any folders of
my website i am able to browse the files ex = www.website.com/images which
is a serious security risk as i am building a forum website using php and
mysql.
Assuming your images are for public consumption and that that dir only
contains those images, then it's not a security risk.
in the root directory i have created a .htaccess file and whenever someone
access a file which is not on the server i have created a user friendly
message that the file does not exist instead of a 404 error message
displayed by the browser.
similar to this how can i go about restricting users to browse all my
folders in the toot directory. if anyone accesses for ex =
www.website.com/phpscripts an alert should appear asking them to enter a
username and password.
You could put this in a .htaccess file:
AuthType Basic
AuthName "Administration Area"
AuthUserFile "acl/admin.acl"
Require valid-user
acl/admin.acl is relative to the server root. You can create it using
the htpasswd command.
2. where do i write the username and password information and will this
apply to all the folders in the root directory or specific directories.
If you put that in .htaccess file, it will apply to that directory and
any subdirectories.
--
Richard Heyes
Employ me:
http://www.phpguru.org/cv
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
