headers
rolf vreijdenberger | 1 Nov 2002 01:04
Picon
Favicon

storing inc.php outside doc root/security/includes

this is how it is done:

include ($_SERVER['DOCUMENT_ROOT'].'/../sensitivedata.inc.php');

explanation:
suppose i have a file:
www.mydomain.com/file.php
on the server it could be :
 /home/sites/site168/web/file.php
this file wants to include a file with sensitive data, (or just download
some other files ) that should not be in the root (accessible via the web)
so I store this files in this directory, one higher than the doc root
/home/sites/site168/
like this
/home/sites/site168/sensitivedata.inc.php
it is now inaccesible via the web in a direct way, but not indirectly,
through other php scripts.

you include it in the way described above:
include ($_SERVER['DOCUMENT_ROOT'].'/../sensitivedata.inc.php');
$_SERVER['DOCUMENT_ROOT']
quote php manual "The document root directory under which the current script
is executing, as defined in the server's configuration file."

hope to have helped you all

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
(Continue reading)

Permalink | Reply |
headers
Marek Kilimajer | 2 Nov 2002 15:04
Picon

Re: storing inc.php outside doc root/security/includes

I know how it works, I just want to know the error (or warning you get)
example:
*Warning*: Failed opening ... for inclusion 
(include_path='.:/php/includes:/usr/share/php') in */var/www/... *on 
line ...

Also check if your $_SERVER['DOCUMENT_ROOT'] really corresponds to real 
filesystem path,
for example on my system $_SERVER['DOCUMENT_ROOT'] is /www/htdocs, but 
/www/htdocs is only
a symlink to /var/www/html, so I need to put sensitivedata.inc.php into 
/var/www/html.
You might also have safe mode restrictions in effect.

rolf vreijdenberger wrote:

>this is how it is done:
>
>include ($_SERVER['DOCUMENT_ROOT'].'/../sensitivedata.inc.php');
>
>explanation:
>suppose i have a file:
>www.mydomain.com/file.php
>on the server it could be :
> /home/sites/site168/web/file.php
>this file wants to include a file with sensitive data, (or just download
>some other files ) that should not be in the root (accessible via the web)
>so I store this files in this directory, one higher than the doc root
>/home/sites/site168/
>like this
(Continue reading)

Permalink | Reply |

Gmane