httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <...@ulysium.net>
Subject Re: [users@httpd] Make .txt file not directly accessable, only through script
Date Wed, 28 May 2003 20:40:11 GMT
on 5/28/03 4:24 PM, Hulslander, Ryan at Ryan.Hulslander@ps.net uttered the
following:

> I have a situation where a data is being stored in a .txt file on the
> server. PHP code is able to read/write to the file. How do I keep someone
> from accessing it DIRECTLY for viewing, but still let the PHP web pages see
> it?
> 
> If they do:
> 
> https://mysite/postform.php, they can post data to a .txt file the script
> uses. If they hit https://mysite/readdata.php they can see it that way. But
> it they try to hit the datafile directly via https://mysite/datafile.txt
> they get a "forbidden" page.
> 
> Is this possible?

Of course!
But I wouldn't do it that way.
One possibility is to place it outside of the web tree, so it's not directly
available for viewing. So trying to access it via a url won't work, because
it's not there to be seen, only the php script can fetch it.

An other possibility could be to put it in a folder that's password
protected in some way.

-- 
Didier Godefroy
mailto:dg@ulysium.net


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message