Hi Guys,
I've been working on a massive chat program for a few months and it's just about finished. But I've come to realize a big flaw.
Everything in my program is stored in mysql and the script itself is a php and ajax combo. But here is my problem.
There are public rooms and private rooms. Room files are the only thing in my program that are stored in flat files (text files) everything else is in mysql. With some of the features I've done its 10x more convenient for me to keep the rooms in text file.
Problem: text files are in my web directory. For public rooms no biggie. But private rooms are actually not private as I realized I could easily just use a leacher program or http direct (unless i put an htaccess file to prevent direct browsing)
When I tried to move my text file system outside of my server root (have a dedicated box) I got an error about base dir permissions and not being allowed to access files outside of the working web directory.
Any ideas where I can tell my system its okay to use these files outside of my web root? PhP.ini? which configuration line would it be?
I'm also using Litespeed server instead of apache, and have XCACHE installed and enabled for op code caching.
or any other advice on how to secure the text files would be greatly appreciated so that I can keep the room files in text files.
Cheers
