Limiting access to files

aksival

I am working on a script that retrieves usernames & passwords from a text file. (It's nothing serious, and it doesn't need to be that secure, so for the sake of simplicity I am doing it this way.)

What I am wondering is, if someone (by chance) decided to type www.domain.com/user_information_filename.ext it will display the entire contents of that text file (regardless of the extension). This would give them complete access to all usernames/passwords/email addresses, etc.

So the question is, what's the best way to allow access from the script but disable access for users/spiders/etc.

I looked at .htaccess but limiting access to the file like that also limits access to the script.

Any ideas?

andrewtayloruk

Do it differently.

Hold it in a text file above the webroot and change the owner of the file to be the owner of the process that your webserver runs under (This is usually nobody on Apache/*nix and IUSR_MACHINENAME on IIS/Windows). The use read file.

Or, in a less secure but more secure that your current way, change the file to php.

<?php

$username = 'jeff';
$password = 'jeff';

HTH

Andrew