SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Evangelist
    Join Date
    Mar 2011
    Location
    Bellingham, WA
    Posts
    450
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    outside of public_html versus deny from all.

    Hello!

    I've got a script which I'm using in a CRON job that shouldn't be accessed by anyone except for me. I know that if I put it outside of my public_html folder, nobody on the web can access it. The only downside is that to make it easily accessible in terms of uploading changes, it would have to be in a folder inside my public_html. Can I achieve the same level of security if I add an .htaccess file with "deny from all" in my public_html subfolder that contains the CRON job as if I had it outside the public_html folder?

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    kruet,

    Well, that would depend upon whether CRON is using an http request. Since I believe it does not, you've hit upon a way to hold your script in the webspace (and keep it from being accessed from webspace visitors). Personally, though, I'd setup a special FTP account (with a VERY strong password) to access your account above the DocumentRoot and load the file that way.

    Please test your way and report back with your results.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Evangelist
    Join Date
    Mar 2011
    Location
    Bellingham, WA
    Posts
    450
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I appreciate the reply! My way does seem to work as well and perhaps can be a viable alternative for those who would like the convenience of uploading with one FTP account. Of course, for the additional layer of security at the cost of a small inconvenience, your suggested approach would be the better of the two.

    Thanks again,

    Eric


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •