FUDforum: comp.lang.php » php includes in readable directory

Home » Imported messages » comp.lang.php » php includes in readable directory

Show: Today's Messages :: Polls :: Message Navigator

Re: php includes in readable directory [message #181835 is a reply to message #181832]

Sun, 09 June 2013 13:16

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma:

Senior Member

On 6/9/2013 5:39 AM, John Anderson wrote:
> Hello,
> I've got a website where the apache directory is available to other
> users with shell accounts: /var/www/html.
>
> If I put something like 'db_login.php' in there with a MySQL password in
> it, and include it from index.php, then anyone with shell access will be
> able to read it.
>
> So I move it out, but where? Is there a 'standard' place to put stuff
> like this? /usr/local seems too 'root-like', and I don't really want to
> put it into my $HOME, and give httpd the right to see in there.
>
> Thanks.
>

Security 101L: Accounts should only have access to what they need.
Unless they are directly involved in coding the website, they should not
have access to /var/www/html.

You need to study up on Linux permissions (and perhaps get a Linux admin
to help you configure you system correctly).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

[Message index]

		php includes in readable directory By: John Anderson on Sun, 09 June 2013 09:39
		Re: php includes in readable directory By: J.O. Aho on Sun, 09 June 2013 10:59
		Re: php includes in readable directory By: Thomas 'PointedEars' on Sun, 09 June 2013 13:11
		Re: php includes in readable directory By: Jerry Stuckle on Sun, 09 June 2013 13:16
		Re: php includes in readable directory By: John Anderson on Sun, 09 June 2013 14:27
		Re: php includes in readable directory By: Denis McMahon on Sun, 09 June 2013 20:09
		Re: php includes in readable directory By: Jerry Stuckle on Sun, 09 June 2013 20:57
		Re: php includes in readable directory By: Fred on Sun, 09 June 2013 15:44

Previous Topic:	There is no more attempt to draw the mind of children
Next Topic:	Re: Using Crystal Reports with PHP

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Feb 16 13:13:09 GMT 2025

Total time taken to generate the page: 0.05124 seconds