You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Efren Bravo <ef...@dhl.co.cu> on 2005/05/03 20:47:36 UTC

[users@httpd] Files protection

Hi,

I would want to know how you secure the sensitive data into www directory, for example the username and password of a database connection. You use .htaccess or put the data outside of the www directory or if exists another tenchniques?

Thanks

Re: [users@httpd] Files protection

Posted by Tom Cat <st...@gmail.com>.

I usually name all of my php includes as *.inc and add 

<Files ~ "\.inc$">
      Order allow,deny
      Deny from all
      Satisfy All
</Files>

to httpd.conf.  This keeps them from being served and works extremely well.

On 5/3/05, dan <in...@hostinthebox.net> wrote:
> Efren Bravo wrote:
> > Hi,
> >
> > I would want to know how you secure the sensitive data into www
> > directory, for example the username and password of a database
> > connection. You use .htaccess or put the data outside of the www
> > directory or if exists another tenchniques?
> >
> > Thanks
> 
> THis entirely depends on the functino which connects to a database.  In
> PHP, I have some .inc files that I keep outside of the www root that
> contain my database information and such, so that only the file being
> run can access this include file.
> 
> Is this what you're looking for?
> 
> Thanks
> -dant
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Files protection

Posted by dan <in...@hostinthebox.net>.

Efren Bravo wrote:
> Hi,
>  
> I would want to know how you secure the sensitive data into www 
> directory, for example the username and password of a database 
> connection. You use .htaccess or put the data outside of the www 
> directory or if exists another tenchniques?
>  
> Thanks

THis entirely depends on the functino which connects to a database.  In 
PHP, I have some .inc files that I keep outside of the www root that 
contain my database information and such, so that only the file being 
run can access this include file.

Is this what you're looking for?

Thanks
-dant

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org