Server Page Secrecy

[marain]

In responding to a script error in a test page, a moderator pointed out a typo on the live page on my site. I very much appreciate his having brought that to my attention, and I thank him. (The typo has now been corrected.) However, the moderator's ability to have accessed the source code on the server in the first place surprised me. In retrospect, I probably should not have been surprised. I now see how he accessed it, and wonder whether there is a simple way to hide the data on the server page from the world. The particular typo was in an entry in an array.

Thinking out loud, I suppose I could put the array in its own file on the server and access the particular element that I want of the array from the main script. But wouldn't that array file be equally accessible to those who seek it?

A.

[jscheuer1]

That was me, and you gave the location of the file in your post:

http://www.dynamicdrive.com/forums/s...08&postcount=1

like so:

Code:

$lastUpdate = date( "j F Y", filemtime( "pageContent/quotations.txt" ) );

I knew what domain to look at because of (also from that post):

Code:

<center>*** Click <a href="http://www.MarainLaw.com/quotations"><span style="color : #ff4040; ">Here</ . . .

Since it's a text file, I was able to access it directly. If it were a .php file, the server would have resolved things on it and/or thrown an error and I wouldn't have been able to read it even if I knew where it was.

As a .php file, it should still work as expected when included on the other page that uses it.

Another option if available to you on your server is to place the file below the root of the domain where only your PHP scripts can access it.