Thread: hiding includes

  1. #1

    I just tried hiding my includes by putting them in a directory with only owner permissions set, and alternatively by giving the files themselves only owner permissions. This worked fine but then they were no longer accessible to the pages that they were included on.

    My question - what's the best way to assure that no one may stumble upon your includes by themselves?

    Is there PHP code that could go in the head of the include so that if it is accessed directly it will switch to either some other page or a page that it is intended to be included on?
    - John

  2. #2

    John, the only way to "hide" the includes is to put them in a folder above the document root. Changing the permissions on them won't help because the user accessing the data is still the same.

    The purpose of putting the includes above the document root is in case someone were to get into a page... he/she would only be able to see the files on the document root.

  3. #3

    Thanks. I figured that out. However, there is another way I've also discovered:

    http://modulatum.wordpress.com/2008/...de-from-users/

    But going above the root seems simpler and more secure to me.
    - John

  4. #4

    I restrict access by placing the following code in my .htaccess file:
    Code:
    RewriteEngine On
    RewriteRule ^folderName - [F,L]
    You place that in the parent's htaccess file. If you want to put it in the actual folder, use this:
    Code:
    Deny from all
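
For the question in post #1 (PHP at the head of an include that reacts to direct access), combined with the above-the-document-root layout from post #2, here is an added example that is not code from any poster in this thread. The file names, the directory layout and the function names requested_directly and site_menu are assumptions.

```php
<?php
// includes/menu.php -- hypothetical include file (name and layout are assumptions).
//
// Assumed layout, with the includes directory one level above the document root:
//   /home/site/includes/menu.php      <- this file, no URL maps to it
//   /home/site/public_html/index.php  <- document root; does the require below
//
// In index.php:
//   require dirname(__DIR__) . '/includes/menu.php';

/**
 * True when $file is the script the web server was asked to run,
 * i.e. the include was requested by URL instead of being included.
 */
function requested_directly($file)
{
    if (empty($_SERVER['SCRIPT_FILENAME'])) {
        return false; // no entry script recorded; nothing to compare against
    }
    $entry = realpath($_SERVER['SCRIPT_FILENAME']);
    $self  = realpath($file);
    // realpath() resolves symlinks and "../" so two spellings of one path still match.
    return $entry !== false && $self !== false && $entry === $self;
}

// Guard at the head of the include. It only matters if the file ever ends up
// under the document root, and it only runs if the server executes the file
// as PHP (a .inc file served as plain text would expose its source instead).
if (requested_directly(__FILE__)) {
    header('HTTP/1.1 404 Not Found');
    exit;
}

// ... the include's real content follows ...
function site_menu()
{
    return '<ul><li><a href="/">Home</a></li></ul>';
}
```

With the file above the document root the guard never fires; it is a second layer for the case where a deployment or copy puts the include somewhere a URL can reach.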
