secure info

Anon

i'm doing some experiments with authorization, but on my free server i don't have acces to databases.
i keep a textfile in the root-directory with the secure info.
how safe is this ? are there methods to read a directories and what's in it from outside ?

thanks .

[deleted]

It depends on how well the server is set up.
There have been several threads about this subject on this forum (but the search function is broken you'll have to use google.com to find them)

What kind of data are you writing to that file?

viper1777

If You Place the file one level above the root the access to the file can be more secure!

eg.
C:\Web\File.txt
Can be accessed from a file in:
C:\Web\PHP\Test.php
by Setting the path to ..\File.txt on Unix OR ..\File.txt On Windows. This can sometimes work and if you limit access to root only then the files should be safe-ish!

Thanx Dave Shaw.

Anon

it's a textfile containing encrypted usernames and passwords (!).

the problem is when you know the file's name and his url, you can read it.

now, i'm experimenting with putting the data at the end of an php file. in the beginning i put a php script that redirects.
is this a interesting idea?

thankss

Anon

yeah i know, it works great at home (apache), but not at the free webspaceprovider...where you can't put files one level higher.

[deleted]

If the passwords are encrypted using MD5, then you have little to worry about, because there is no (easy) way of decoding MD5 encrypted data.