SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    Evil Genius MilchstrabeStern's Avatar
    Join Date
    Nov 2003
    Location
    Arizona
    Posts
    1,131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Is .htaccess the best way to secure a folder?

    Hey guys,

    I am using a CMS, and I can restrict access to pages of my website etc quite easily. But I also want to restrict access to folders. I know this can be done using .htaccess, but is it the best solution? And if I want to link something from one of these folders, does the code need the password? If so how would that work?

    -Bryan
    ]

  2. #2
    SitePoint Zealot
    Join Date
    Jul 2003
    Location
    Romania
    Posts
    118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can also place those folders outside the document root.

  3. #3
    SitePoint Zealot
    Join Date
    Jun 2003
    Location
    New York City
    Posts
    117
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you are unable to create the folder above the folder where your CMS exists, the .htaccess is a good method. You will need the password to access anyting in these folders, which the web broswer will prompt you for.

    If what you're trying to do is keep sensitive scripts from prying eyes that you want to use within your site, then this isn't a good method, as you'll need that password in order to access the script. The best solution for this is what Psyche said: place the files in a folder that is outside of your web folder.

  4. #4
    Evil Genius MilchstrabeStern's Avatar
    Join Date
    Nov 2003
    Location
    Arizona
    Posts
    1,131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good idea!

    How would I link to them though?
    ]

  5. #5
    SitePoint Zealot
    Join Date
    Jun 2003
    Location
    New York City
    Posts
    117
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You include them into your page using the include_once() function. You have to also be sure you provide PHP with the path to your hidden folder. This can be done in the public folder's .htaccess file like this:

    php_value include_path /home/mysite.com/inc

    Then in your HTML page, you add at the top...

    include_once('myscript.php');

    myscript.php would be located in the /home/mysite.com/inc/ folder on your server.

  6. #6
    Evil Genius MilchstrabeStern's Avatar
    Join Date
    Nov 2003
    Location
    Arizona
    Posts
    1,131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well I am dealing with Audio files not php scripts, should have clarified that.
    ]

  7. #7
    SitePoint Zealot
    Join Date
    Jun 2003
    Location
    New York City
    Posts
    117
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh, yes, that's a whole different kettle of fish, and a lot more involved. I recommend you check some of the user notes for the header() function in the php.net site, which has some posts on doing exactly what you want:

    http://us3.php.net/manual/en/function.header.php#56748

  8. #8
    SitePoint Evangelist ldivinag's Avatar
    Join Date
    Jan 2005
    Location
    N37 33* W122 3*
    Posts
    414
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if audio files, dump them into a BLOB table in mysql or something...
    leo d.

  9. #9
    Evil Genius MilchstrabeStern's Avatar
    Join Date
    Nov 2003
    Location
    Arizona
    Posts
    1,131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I like that idea even better. So I just figure out the URL for the audio files , place it in a table, and then us PHP to connect and link them up?
    ]

  10. #10
    SitePoint Evangelist ldivinag's Avatar
    Join Date
    Jan 2005
    Location
    N37 33* W122 3*
    Posts
    414
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MilchstrabeStern
    I like that idea even better. So I just figure out the URL for the audio files , place it in a table, and then us PHP to connect and link them up?

    read it and weep:

    http://www.devarticles.com/c/a/MySQL...-PHP-and-MySQL

    leo d.

  11. #11
    Evil Genius MilchstrabeStern's Avatar
    Join Date
    Nov 2003
    Location
    Arizona
    Posts
    1,131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good article! I'll need to read all 7 pages when I get the chance.
    ]


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •