'Private' directory practical use

Well, I'm not sure who you are using, or anything... but with an educated guess, your ISP offers you web space, and anything in that directory (www) is going to be accessible (given permissions are set correctly) to anyone on the web. This would be your web page, your asp files, any downloads and zips, pictures etc, etc. But maybe, you'd like to keep some stuff off the web, that you'd still like to keep stored on their server. Maybe Old web content that you don't want anyone to have access to. I know I have some rather ugly pics of myself, that I would never put in a www ;)

Hi,

I see what you mean. Thanks for the input.

Andy

the other thing you could do with the private section is restrict downloads. Suppose you only want to let your members download certain videos from your website (or any other content) then you can keep the file stored in the private section and then just parse it out to those members who are properly logged in with the correct permissions.

Paradox,

Your ideas are sound.

I have been placing password and other text files 'off site' and it works great. However, when I placed 'include' functions 'off site' I ran into issues referencing other files from the included functions. That is why I need to educate myself on the advantages and limitations of this practice.

I have a bookshelf full of reference material, but this subject is not covered in a way that I can grasp the details.

Thanks,

Andy

yes I think that PHP does support some ftp functions (i have no idea how to use those) so that you could log into another off site server and access these files, although this would probably be too time consuming if you did this on every single webpage on your site.

On the other hand you could always set up a cron job to copy the files from the offsite server every hour or so to the server you are working on to make sure it always has a some what fresh copy.

Most of the time the "private" directory on a web server is where you would store your login information to a database or other sensitive information. Drawbacks include if someone gets access to your website (control panel, or FTP) and can see things outside of your http. If the DB account has more than just select access on a few meaningless tables (read... menus, content, etc.) then you can most likely just put it into your normal www directory.

about 80% of the time they are accessed by other php scripts (internal to your site) using this:

require("home/webname/private/file.php");

I personally like to put in a connection.php file that holds all of the information to the database (host, username, password, etc). I also like to hold my security check for the host there as well... which looks something like this:

if (($_SERVER['SERVER_NAME']!="your host name")){
	 echo "you are not authorized to access this page"; 
	die(); 
}

you can always get your host name by using

echo $_SERVER['SERVER_NAME'];

remember that a lot of ISPs are now using something like localhost:temp/mysql5.sock file for a little added security on your DB. just check with your ISP and they'll let you know.