Hello,
I recently signed up with a free hosting provider(apache, mysql, php). When I login through ftp, I go to my root directory which is web accessible. So where do I hide the files that I don't want to be accessed through the web? Such as database connection files, user uploaded files, etc. Are all hosting services the same? Or do some of them give access to directories that are not web accessible? This first I am trying put an actual website up so I would appreciate any help. Thanks.
ryy705
0
Junior Poster
Recommended Answers
Jump to Postthere is usually a folder outside of the web directory called private, if you dont have that then use this link to learn .htaccess http://www.javascriptkit.com/howto/htaccess.shtml
it will help you because you can stick …
Jump to Postthe password file is just if you want to access the protected directory manually (through typing the address to it) at any time, if you dont want to access the protected directory in that manner then you don't need to worry and yes it is enough if you do
All 8 Replies
Auzzie
6
Junior Poster
there is usually a folder outside of the web directory called private, if you dont have that then use this link to learn .htaccess http://www.javascriptkit.com/howto/htaccess.shtml
it will help you because you can stick all of your sensitive information within a folder and make it unaccessable from the web
ryy705
0
Junior Poster
there is usually a folder outside of the web directory called private, if you dont have that then use this link to learn .htaccess http://www.javascriptkit.com/howto/htaccess.shtml
it will help you because you can stick all of your sensitive information within a folder and make it unaccessable from the web
Thanks. I will read it.
ryy705
0
Junior Poster
Hmm.. the direction says to protect directories with .htacces and save the password file in a directory above the web tree. Thats exactly what I can't do. Do you think making the password file 644 is will? Will it be enough?
Auzzie
6
Junior Poster
the password file is just if you want to access the protected directory manually (through typing the address to it) at any time, if you dont want to access the protected directory in that manner then you don't need to worry and yes it is enough if you do
silviuks
0
Junior Poster in Training
If you want to protect the content of your directory use .htaccess with .htpass files. If you want only to hide your folder's content you can create a blank index.html file and put in every directory you want.
Auzzie
6
Junior Poster
the only problem of just putting a blank index.html file there is that the other files can still be accessed by a bot or an offline downloader like snake
ryy705
0
Junior Poster
Auzzie,
If I understand you correctly, I should create a htaccess protected directory but I should not create a password file for it. This way it will be impossible to directlyaccess the content through a browser. BRILLIANT!
However, the content will be accessible by other scripts that are running outside of the htaccess directory. This way I can give access to the contents to the admins through secured forms/pages. Did I understand it correctly?
Silvikus,
Yes, am trying to PROTECT the content. I want to be able to securely upload files. I am also trying to protect database connection info.
Auzzie
6
Junior Poster
Yes you are correct in that statement ryy705.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.