Hello,
I was wondering if someone could help me with this question. I have a site where I want to store some sensitive data in text files off of the web server. I asked the hosting company to setup a folder outside of the document root for me. While I was reading a book recently, it said this would be located outside of the var folder and your code would look something like this...
$fp = fopen("$DOCUMENT_ROOT/../folder/file.txt", "w");
I set everything up and was ready to test it out. But when they setup the folder, they placed it inside the www folder, so it is actually in var/www/
Is this secure? It seems that from what the book was saying, only folders outside the var folder are secure. I just don't want to leave any sensitive information to where someone could get a hold of it. Any advice would be greatly appreciated. Thanks!
Wil
