Include(filename.php) and security

02/11/2007, 00h27

I have a file abc.php which includes another file (which primarily has
text) called text.php.

Is there a way I can secure the text.php file without affecting the
include_once('text.php') call in abc.php?

By secure, I mean the outside user should not be able to find the file
at all.

Of course one method is to obfuscate the name of text.php, but any
simpler solutions are preferred.

Best regards,
Animesh

02/11/2007, 01h35

"Animesh K" <animesh1978@gmail.com> wrote in message
news:fgdnc8$25bu$1@agate.berkeley.edu...
>I have a file abc.php which includes another file (which primarily has
>text) called text.php.
>
> Is there a way I can secure the text.php file without affecting the
> include_once('text.php') call in abc.php?
>
> By secure, I mean the outside user should not be able to find the file at
> all.
>
> Of course one method is to obfuscate the name of text.php, but any simpler
> solutions are preferred.
>
> Best regards,
> Animesh

put it outside the of the web root directory. make sure your web server has
permission to acces the file.

02/11/2007, 01h42

Steve wrote:
> "Animesh K" <animesh1978@gmail.com> wrote in message
> news:fgdnc8$25bu$1@agate.berkeley.edu...
>> I have a file abc.php which includes another file (which primarily has
>> text) called text.php.
>>
>> Is there a way I can secure the text.php file without affecting the
>> include_once('text.php') call in abc.php?
>>
>> By secure, I mean the outside user should not be able to find the file at
>> all.
>>
>> Of course one method is to obfuscate the name of text.php, but any simpler
>> solutions are preferred.
>>
>> Best regards,
>> Animesh
>
> put it outside the of the web root directory. make sure your web server has
> permission to acces the file.
>
>

Can you please explain it a bit more. Outside of the directory, but where?

Do you mean make a directory for those text files and keep it hidden
since people will not know where that directory is, so they cannot guess it?

02/11/2007, 02h34

Animesh K wrote:
> I have a file abc.php which includes another file (which primarily has
> text) called text.php.
>
> Is there a way I can secure the text.php file without affecting the
> include_once('text.php') call in abc.php?
>

You could secure it with .htaccess, but that's the hard way.

> By secure, I mean the outside user should not be able to find the file
> at all.
>
> Of course one method is to obfuscate the name of text.php, but any
> simpler solutions are preferred.
>
> Best regards,
> Animesh
>

Put the file in a directory outside of the web server's root directory.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

02/11/2007, 03h49

Jerry Stuckle wrote:
> Animesh K wrote:
>> I have a file abc.php which includes another file (which primarily has
>> text) called text.php.
>>
>> Is there a way I can secure the text.php file without affecting the
>> include_once('text.php') call in abc.php?
>>
>
> You could secure it with .htaccess, but that's the hard way.

All methods are welcome.

>
>> By secure, I mean the outside user should not be able to find the file
>> at all.
>>
>
> Put the file in a directory outside of the web server's root directory.

I don't have a dedicated server. I am using a shared server and most
likely this cannot be done.

02/11/2007, 03h52

Animesh K wrote:
> Jerry Stuckle wrote:
>> Animesh K wrote:
>>> I have a file abc.php which includes another file (which primarily
>>> has text) called text.php.
>>>
>>> Is there a way I can secure the text.php file without affecting the
>>> include_once('text.php') call in abc.php?
>>>
>>
>> You could secure it with .htaccess, but that's the hard way.
>
> All methods are welcome.
>
>>
>>> By secure, I mean the outside user should not be able to find the
>>> file at all.
>>>
>>
>> Put the file in a directory outside of the web server's root directory.
>
>
> I don't have a dedicated server. I am using a shared server and most
> likely this cannot be done.
>

Many shared servers give you access one level above your web root
directory. If you're doesn't, find one which does. If you need the
file protected, anything else isn't worth the hassle.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

02/11/2007, 03h55

Jerry Stuckle wrote:
> Animesh K wrote:
>> I have a file abc.php which includes another file (which primarily has
>> text) called text.php.
>>
>> Is there a way I can secure the text.php file without affecting the
>> include_once('text.php') call in abc.php?
>>
>
> You could secure it with .htaccess, but that's the hard way.
>

How about turning off warnings? That's what you mean by .htaccess? (like
warning off).

02/11/2007, 03h57

Jerry Stuckle wrote:

>
> Many shared servers give you access one level above your web root
> directory. If you're doesn't, find one which does. If you need the
> file protected, anything else isn't worth the hassle.
>

I use godaddy's service, and don't really plan to change (price!). I
will check if I can get to a higher directory (but the ftp program gets
me directly to the web-root and I haven't fiddled with the .. command).

I can always use some obfuscated directory for the file (like
/asaihsaihsaih/filename ..)

Thanks,
Animesh

02/11/2007, 00h27	#1
Animesh K Messages: n/a Hébergeur:	Include(filename.php) and security I have a file abc.php which includes another file (which primarily has text) called text.php. Is there a way I can secure the text.php file without affecting the include_once('text.php') call in abc.php? By secure, I mean the outside user should not be able to find the file at all. Of course one method is to obfuscate the name of text.php, but any simpler solutions are preferred. Best regards, Animesh

02/11/2007, 01h35	#2
Steve Messages: n/a Hébergeur:	Re: Include(filename.php) and security "Animesh K" <animesh1978@gmail.com> wrote in message news:fgdnc8$25bu$1@agate.berkeley.edu... >I have a file abc.php which includes another file (which primarily has >text) called text.php. > > Is there a way I can secure the text.php file without affecting the > include_once('text.php') call in abc.php? > > By secure, I mean the outside user should not be able to find the file at > all. > > Of course one method is to obfuscate the name of text.php, but any simpler > solutions are preferred. > > Best regards, > Animesh put it outside the of the web root directory. make sure your web server has permission to acces the file.

02/11/2007, 01h42	#3
Animesh K Messages: n/a Hébergeur:	Re: Include(filename.php) and security Steve wrote: > "Animesh K" <animesh1978@gmail.com> wrote in message > news:fgdnc8$25bu$1@agate.berkeley.edu... >> I have a file abc.php which includes another file (which primarily has >> text) called text.php. >> >> Is there a way I can secure the text.php file without affecting the >> include_once('text.php') call in abc.php? >> >> By secure, I mean the outside user should not be able to find the file at >> all. >> >> Of course one method is to obfuscate the name of text.php, but any simpler >> solutions are preferred. >> >> Best regards, >> Animesh > > put it outside the of the web root directory. make sure your web server has > permission to acces the file. > > Can you please explain it a bit more. Outside of the directory, but where? Do you mean make a directory for those text files and keep it hidden since people will not know where that directory is, so they cannot guess it?

02/11/2007, 02h34	#4
Jerry Stuckle Messages: n/a Hébergeur:	Re: Include(filename.php) and security Animesh K wrote: > I have a file abc.php which includes another file (which primarily has > text) called text.php. > > Is there a way I can secure the text.php file without affecting the > include_once('text.php') call in abc.php? > You could secure it with .htaccess, but that's the hard way. > By secure, I mean the outside user should not be able to find the file > at all. > > Of course one method is to obfuscate the name of text.php, but any > simpler solutions are preferred. > > Best regards, > Animesh > Put the file in a directory outside of the web server's root directory. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================

02/11/2007, 03h49	#5
Animesh K Messages: n/a Hébergeur:	Re: Include(filename.php) and security Jerry Stuckle wrote: > Animesh K wrote: >> I have a file abc.php which includes another file (which primarily has >> text) called text.php. >> >> Is there a way I can secure the text.php file without affecting the >> include_once('text.php') call in abc.php? >> > > You could secure it with .htaccess, but that's the hard way. All methods are welcome. > >> By secure, I mean the outside user should not be able to find the file >> at all. >> > > Put the file in a directory outside of the web server's root directory. I don't have a dedicated server. I am using a shared server and most likely this cannot be done.

02/11/2007, 03h52	#6
Jerry Stuckle Messages: n/a Hébergeur:	Re: Include(filename.php) and security Animesh K wrote: > Jerry Stuckle wrote: >> Animesh K wrote: >>> I have a file abc.php which includes another file (which primarily >>> has text) called text.php. >>> >>> Is there a way I can secure the text.php file without affecting the >>> include_once('text.php') call in abc.php? >>> >> >> You could secure it with .htaccess, but that's the hard way. > > All methods are welcome. > >> >>> By secure, I mean the outside user should not be able to find the >>> file at all. >>> >> >> Put the file in a directory outside of the web server's root directory. > > > I don't have a dedicated server. I am using a shared server and most > likely this cannot be done. > Many shared servers give you access one level above your web root directory. If you're doesn't, find one which does. If you need the file protected, anything else isn't worth the hassle. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================

02/11/2007, 03h55	#7
Animesh K Messages: n/a Hébergeur:	Re: Include(filename.php) and security Jerry Stuckle wrote: > Animesh K wrote: >> I have a file abc.php which includes another file (which primarily has >> text) called text.php. >> >> Is there a way I can secure the text.php file without affecting the >> include_once('text.php') call in abc.php? >> > > You could secure it with .htaccess, but that's the hard way. > How about turning off warnings? That's what you mean by .htaccess? (like warning off).

02/11/2007, 03h57	#8
Animesh K Messages: n/a Hébergeur:	Re: Include(filename.php) and security Jerry Stuckle wrote: > > Many shared servers give you access one level above your web root > directory. If you're doesn't, find one which does. If you need the > file protected, anything else isn't worth the hassle. > I use godaddy's service, and don't really plan to change (price!). I will check if I can get to a higher directory (but the ftp program gets me directly to the web-root and I haven't fiddled with the .. command). I can always use some obfuscated directory for the file (like /asaihsaihsaih/filename ..) Thanks, Animesh

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email