| Stuarty |
| (regular) |
| Wed Mar 26 2008 12:45 PM |
|
Protection to Directory
|
Hi all, Just a quick one here. I have a folder to which i have designed a logon page using php which then verifies users on my server database. This is where the problem lies, when you type the directory you get the Index directory to which others can open my php scripts and access my server database. How do i protect this or stop anyone viewing it
| Stuarty |
| (regular) |
| Wed Mar 26 2008 03:42 PM |
|
|
|
Re: Protection to Directory
|
Just to let everyone know i have managed to resolve my problem myself as i edited the folder in my directory and removed the permissions for "Everyone" to view.
Cheers
Stuarty
| Zippy_Brown |
| (regular) |
| Wed Mar 26 2008 11:10 PM |
|
Re: Protection to Directory
|
Another good idea is to upload a blank index.html or index.php file. This will force a blank page to be displayed rather than the file contents.
You can also upload a .htaccess file with the following line, which will still allow the contents page to show, but it would be empty (prevents the files from appearing):
Code:
IndexIgnore *
Quote:
when you type the directory you get the Index directory to which others can open my php scripts and access my server database.
If you upload these to a webserver with php installed, then visitors will not see the content of the php scripts, as it will be parsed by the server.
Additionally, you should make sure any config files (which include your database username and password) are stored below the web folder (normally called public_html or www) and then included in your script. This way, the risk of these details being discovered by a visitor is greatly reduced.