Views: 2781 | Replies: 3
Join Date: Mar 2004
Location: In a house
Posts: 94
Reputation:
Rep Power: 5
Solved Threads: 0
I have been working on a flatfile and directory system in PHP and now that I have got the script working I want to make it more secure. What I have is one directory with sub-directories inside it, and inside the sub-directories are about 20 files each.
For example:
directory/ sub1/ sub2/
When the script is working out what directory to open it works like this:
directory/$subNum/$filename
What I want to be able to do is stop people from going down directories (../../filename) because this could be a big security risk. What I want to know is if there is a better way than !preg_match('../',$filename).
Join Date: Feb 2002
Location: Lawn Guylen, NY
Posts: 10,881
Reputation:
Rep Power: 32
Solved Threads: 108
I would think that would suffice. Does anyone here think that it would still be a security risk? The only thing I could see still being a problem is that someone could still manually enter the directory URL into their browser for access to the files.
Dani the Computer Science Gal
Do you run a computer-related website? Feature it in our niche link directory!
Join Date: Jun 2004
Location: Phoenix Arizona
Posts: 115
Reputation:
Rep Power: 5
Solved Threads: 2
Don't do that. Put the flat file above the web root. I'm not sure of your hosting environment, but most Linux setups allow you to access files above the web root with your scripts.
If there is no way to do that in your situation, then yes, block them with your script since it is already written. But also, change the file perms so only your scripts can access it, and use .htaccess to block access to those files from everybody except your scripts and/or the owner of the files.
Need a website designer? arizona web design : phoenix web design : MCP Media intelligent web design and web development solutions. MCP Media is owned and operated by Chris Hooley - who happens to be a real nerd... on purpose :-)
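An added example, not part of any post in this thread: one way to validate the directory/$subNum/$filename lookup discussed above by allow-listing the name format and then checking the canonical path with realpath(), rather than searching for "../". The function name resolveFlatFile, the BASE_DIR path and the "sub" + digits naming rule are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumptions: sub-directories are named "sub" + digits (as in sub1/, sub2/),
// and BASE_DIR is a hypothetical data directory outside the web root.
const BASE_DIR = '/var/data/flatfiles';

/**
 * Map directory/$subNum/$filename to a real file inside $base.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolveFlatFile(string $subNum, string $filename, string $base = BASE_DIR): ?string
{
    // 1. Allow-list what a valid name looks like instead of hunting for "../".
    //    \A and \z anchor the whole string, so newlines and NUL bytes fail too.
    if (!preg_match('/\Asub[0-9]{1,4}\z/', $subNum)) {
        return null;
    }
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?\z/', $filename)) {
        return null;
    }

    // 2. Canonicalise. realpath() resolves "..", "." and symlinks, and
    //    returns false when the path does not exist.
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $subNum . '/' . $filename);
    if ($baseReal === false || $target === false) {
        return null;
    }

    // 3. Containment: the resolved file must still sit under the resolved base.
    //    The trailing separator stops "/data/flatfiles-old" matching "/data/flatfiles".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        return null;
    }
    return $target;
}

// Constructed demo tree under the system temp directory.
$base = sys_get_temp_dir() . '/flatfile_demo_' . getmypid();
@mkdir($base . '/sub1', 0700, true);
file_put_contents($base . '/sub1/notes.txt', "hello\n");

$requests = [['sub1', 'notes.txt'], ['sub1', '../../etc/passwd'],
             ['..', 'notes.txt'], ['sub1', "notes.txt\0.png"]];
foreach ($requests as [$dir, $file]) {
    $ok = resolveFlatFile($dir, $file, $base) !== null;
    printf("%-5s %-20s %s\n", $dir, addcslashes($file, "\0"), $ok ? 'allowed' : 'rejected');
}
```

The realpath() containment check in step 3 also catches a symlink placed inside a sub-directory that points outside the base, which a string match on the file name alone cannot see.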