
Thread: How to keep safe

  1. #1
    Join Date
    May 2008
    Posts
    5

    How to keep safe

    Hello all,

    I have searched for this in the forum but have found nothing, so I am starting a new thread. I wanted your opinions on which you think is the best/most professional way to keep files safe from users: placing them in a directory above root or restricting access with .htaccess, and why.

    Thank you all for your answers.

  2. #2
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    Well, suppose you need to distribute your app to a server on which you do not have administrative privileges. This server allows you to have a .htaccess file, but you can't do everything you want, so your site breaks, potentially exposing those files to the public. Or, suppose someone introduces an error into the main Apache config file, accidentally disabling .htaccess. Or suppose you migrate your app to your brand new dedicated box, and simply forget to copy that file over (it's hidden from normal view, you know). Then, when you realize what you've done, having found your private files all over the net, you upload the file, only to realize several weeks later that you accidentally disabled .htaccess in your main config file.

    ... I think there's a decent list of possible mixups that justify not relying on .htaccess for security. In general, keeping your private data above the document root safeguards you against a great deal of possible human error events, and possibly even a good deal of possible software errors, either of which may go unnoticed until they're critically painful.
    Jon Wire

    thepointless.com | rounded corner generator

    I agree with Apple. Flash is just terrible.

    Use CODE tags!

  3. #3
    Join Date
    May 2008
    Posts
    5

    You're sooooo right

    I understand what you mean svidgen, this is exactly the kind of answer I was looking for. Thank you for your time!

  4. #4
    Join Date
    Jun 2009
    Posts
    127
    Hi,

    You can create an .htaccess file in the folder to which you do not want to grant access and add this code to that file:

    # no whitespace is allowed between the Order keywords
    order deny,allow
    deny from all
    allow from 12.13.14.15

    This will give access only to the IP address 12.13.14.15.
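
An added example (not part of any post in this thread): a small Python audit for the failure modes described in post #2. It lists directories inside the document root whose protection depends on an .htaccess deny rule and checks whether a given file really lives outside the document root. The directory layout, file names and function names are constructed for illustration.

```python
import os
import re
import tempfile

# Matches an uncommented deny-all rule in Apache 2.2 or 2.4 syntax.
DENY_ALL = re.compile(r"^[ \t]*(deny\s+from\s+all|require\s+all\s+denied)\b", re.I | re.M)

def htaccess_dependent_dirs(docroot):
    """List (dir, files) pairs under docroot that are shielded only by .htaccess."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
            if DENY_ALL.search(fh.read()):
                rel = os.path.relpath(dirpath, docroot)
                hits.append((rel, sorted(f for f in files if f != ".htaccess")))
    return sorted(hits)

def is_outside_docroot(path, docroot):
    """True if path, with symlinks resolved, does not live under docroot."""
    real, root = os.path.realpath(path), os.path.realpath(docroot)
    return os.path.commonpath([real, root]) != root

def demo():
    """Build a constructed site tree and audit it."""
    with tempfile.TemporaryDirectory() as site:
        docroot = os.path.join(site, "public_html")
        os.makedirs(os.path.join(docroot, "private"))
        os.makedirs(os.path.join(site, "private"))
        samples = {  # constructed sample files
            "public_html/index.html": "<h1>hi</h1>",
            "public_html/private/.htaccess": "Order deny,allow\nDeny from all\n",
            "public_html/private/db.ini": "password=constructed",
            "private/config.ini": "password=constructed",
        }
        for rel, body in samples.items():
            with open(os.path.join(site, *rel.split("/")), "w") as fh:
                fh.write(body)
        return (htaccess_dependent_dirs(docroot),
                is_outside_docroot(os.path.join(site, "private", "config.ini"), docroot),
                is_outside_docroot(os.path.join(docroot, "private", "db.ini"), docroot))

if __name__ == "__main__":
    print(demo())
```

Every file reported by `htaccess_dependent_dirs` is one that becomes fetchable if .htaccess processing is disabled or the file is lost in a migration, so those are the candidates to move above the document root.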
