CHMOD question

rapmonkey

I have a PHP script that accesses a file for info. However this file has passwords in it, so when typed into the browser it must NOT be shown (forbidden error). What CHMOD permissions do I need to do this? It seems the ONLY way the script will execute without a permissions error is if the All Users Read box is checked, but then you can view the script! How do I do this? Thanks for ANY help! 😃

dalecosp

There are a few ways to get around this. The best advice is probably "don't put it in the web folder, then!" Anything under the document root could potentially be read if the server (software) is compromised somehow.

Easy hack? Make the data file a PHP file and include() it. Or, maybe just.....

<?php

$pass1="foo";
$pass2="bar";
$hostname="mysql.host.com";
$dbname="somedatabase";

?>

No output, right? Therefore, not readable via the WWW.

OK, let's get even meaner. PHP is just gonna read this with fopen or somesuch, using an absolute pathname (or even a relative one) instead of a URL, right? So the URL is rather unimportant UNLESS it's being accessed via a browser. Add this:

if ($_SERVER['PHP_SELF']="nameofthispage") {
   header("Location:  http://www.fbi.gov/index.html?imacracker=YES");
}

😃

Any of this make any sense?