hiding includes

Printable View

03-28-2009, 01:07 PM
jscheuer1

hiding includes

I just tried hiding my includes by putting them in a directory with only owner permissions set, and alternatively by giving the files themselves only owner permissions. This worked fine but then they were no longer accessible to the pages that they were included on.

My question - what's the best way to assure that no one may stumble upon your includes by themselves?

Is there PHP code that could go in the head of the include so that if it is accessed directly it will switch to either some other page or a page that it is intended to be included on?
03-28-2009, 01:13 PM
boogyman

John, the only way to "hide" the includes is to put them in a folder above the document root. Changing the permissions on them won't help because the user accessing the data is still the same.

The purpose of putting the includes above the document root is incase someone were to get into a page... he/she would only be able to see the files on the document root.
03-28-2009, 01:27 PM
jscheuer1

Thanks. I figured that out. However, there is another way I've also discovered:

http://modulatum.wordpress.com/2008/...de-from-users/

But going above the root seems simpler and more secure to me.
03-28-2009, 01:42 PM
techietim

I restrict access by placing the following code in my .htaccess file:

Code:

RewriteEngine On RewriteRule ^folderName - [F,L]

You place that in the parent's htaccess file. If you want to put it in the actual folder, use this:

Code:

Deny from all