Txt file security question


I made a small website (it’s just a personal portfolio for a 3D artist). It’s very simplistic and everything pretty much works, but there is one thing that I would like to make sure of before finishing it.

Right now, the client wanted a person who is looking at the website to be able to submit his email address, so that when the page is submitted, the owner can inform him about the update.
The problem is that the client wanted to have the emails stored in a txt file rather than a database (and I’m not sure if a db is really needed), but there is a potential problem. Right now, the emails are indeed stored in that txt file (let’s call it emails.txt), but the problem is that, in theory, if one knows the name of the file, he can also access it from a browser if he enters the exact link to it (like www.mysite.com/emails.txt), and since there are links in this file, I’m not really sure if that is really a safe thing to do (because of spam and such). I did change the file name so that nobody will be able to simply guess it, but I’m not really sure if that will do it.

So, is there a way (if you think it’s necessary) to use PHP to save those mails into a txt file, but to also somehow protect this file so that people, or even spambots, won’t be able to look at it?


Put it outside the web-accessible directory.


I agree. You don’t want to depend on some funky name as your means of protecting the information.

Well, I did put htpasswd on the folder that includes the txt file, so I think that should do it… or?

Every step you take adds to the security. If the email.txt file is outside of the root like the htpasswd file is I’d say you’ve taken “due diligence”.


Well, on my localhost that won’t be a problem, but I’m not sure if that will be doable on the server that hosts my site… I guess I can always ask the owners… tnx!

You could use htaccess and the “deny from all” directive. Put it in the folder you want to protect and your scripts can still access it but the general public will get a 403 FORBIDDEN error or “Directory has no index file” error. Most of the hosts I’ve had won’t let you store outside root so this is worth a shot.

You must be selecting the wrong hosts to use then because being able to place certain files outside of the web accessible folder is an essential part of many web sites.

If you’re on a shared server you won’t get enough access to mess with other sites, but you should be able to go “one up” from your public html folder. If you can’t see it in the ACP try going to your site via FTP, the hosts I’ve had (other than AOL hometown years ago) allow it.
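An added example, not code from any post in this thread: a PHP handler that appends a validated address to a file stored one level above the public folder, as the replies recommend. The `private/` directory name, the `email` form field and the response messages are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: this script lives in public_html/, the data file one level up.
const EMAIL_FILE = __DIR__ . '/../private/emails.txt';

// True if $dir resolves to a location the web server would serve.
function is_inside_docroot(string $dir, string $docroot): bool
{
    $d = realpath($dir);
    $r = realpath($docroot);
    if ($d === false || $r === false) {
        return false;
    }
    $r = rtrim($r, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strpos($d . DIRECTORY_SEPARATOR, $r) === 0;
}

function save_email(string $raw, string $file, string $docroot): bool
{
    $email = trim($raw);
    // One valid address per line: reject line breaks and over-long input.
    if (strlen($email) > 254 || preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $dir = dirname($file);
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        return false;
    }
    if ($docroot !== '' && is_inside_docroot($dir, $docroot)) {
        return false; // refuse to write where a browser could fetch the file
    }
    $fh = fopen($file, 'ab');
    if ($fh === false) {
        return false;
    }
    chmod($file, 0600);             // readable by the script's user only
    flock($fh, LOCK_EX);            // serialize concurrent submissions
    $ok = fwrite($fh, $email . "\n") !== false;
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && is_string($_POST['email'] ?? null)) {
    $saved = save_email($_POST['email'], EMAIL_FILE, $_SERVER['DOCUMENT_ROOT'] ?? '');
    http_response_code($saved ? 200 : 400);
    echo $saved ? 'Thanks, you are on the list.' : 'Please enter a valid email address.';
}
```

If the host does not allow a directory above the public folder, the "deny from all" .htaccess approach mentioned in the thread is the fallback, and the docroot check in `save_email` would then need to be dropped.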