linux - How secure is storing sensitive information in a .PHP file on an Apache server? -

linux - How secure is storing sensitive information in a .PHP file on an Apache server? -

August 15, 2013

I am creating an easy-setup, a database PHP website that stores its data Instead of in text files

Setup is a Linux / Apache / PHP server.

So far the information is non-sensitive , so I store them in: ../atellite/statet.txt In the (url) /data/system.txt you can type and see the data file in plain text, which did not make any difference till now .

But now I want store passwords so that different groups can log in and see different information These sites are marked with " low interest " and " Low profile "sites and if a site gets bored enough to hack and sees information, then this is not the end of the world, I just want to provide an interruption of technical constraints. I so that the site has personal and group access Dikar mills, while maintaining ease These 50 sites without having to set up the 50 sites and maintain.

My question is, what is the best way to protect these text files on Apache?

I can think of the following:

1) Some random directory names ../ data / strong>, e.g. " ../ Data 928374928374 " as a type of vague measurement

   2)  Change the  .txt file to .php  and thus protect the text with the PHP code: 
   & lt ;? php echo 'access denied' ; Die; / * ... Store data here ... * /? & Gt;  
   3)  files with .txt and other endings protected A For the / data directory is  .htaccess file  Put: 
   & lt; file match ". (Sqlite | xml | txt | csv | php) $ "& gt; from all & lt; / FilesMatch & gt;  
  Here's my idea: 
  1) I could think that  ways to find hidden names of names on the server  is this true, is it true? 
  2) It is that  weird  is a text file called .php and has PHP code because I want to edit text files with non-tech people and just leave them in the data directory and work them out,  "Technical To improve them with "without".  Editor for not mentioning this message syntax-color in most. 
  3)  This .htaccess file is all Server will work on  For example, if I make a copy of the website for any Apache server, do I guarantee that files will be preserved, or there are other settings that affect the .htaccess files on Apache server Can turn off

 < 
   This will require a brush inquiry, but yes. 
  That is true, it makes things complicated for non-technical people plus, I imagine that whatever you want, it can not be. 
  The .htaccess rules will only work for Apache servers, where the directory is allowed to use the htaccess rules (and allows to override parameters, if this is necessary). Also note that some configurations can not be called .htaccess file, but some more. You probably can use SQLite or something that does not really require a database server. 
  Another idea is that there should be a structure like 
   / app / public_html / data  
  and in public_html Your website is externally excluded from the world and / data is not accessible (only by your scripts). 
  In the In / App folder you can create a HACACCase rule that will always redirect all the syntax to the punlic_html folder, so it will not be visible to the external user (it is possible behind the scenes). And if both folders are copies involving the .htaccess file, then it should be sufficient for one-stage deployment


















Get link





Facebook





X





Pinterest





Email





Other Apps




Comments





Post a Comment








Popular Posts




IronPython in C#: No module named xmlrpclib -



    I am trying to create a web application with an interactive console for IronPython. When I try to import xmlrpclib into the General console of IronPython, it works. However, if I use IronPython inside my C # code, then it does not put an exception "a module named xmlrpclib", is it a known issue? Any solution to solve this issue?   Here is the code:    var testcode = @ "import xmlrpclib; apiarver = xmlrpclib.ServerProxy ('address', allow_none = true); print APIServer.Hello () ; "; Mystream str = newest Mystream (); ScriptEngine Engine = Python. Cretegenine (); Engine. Retyme.io asset output (str, system text encoding. ASCII); Engine. Serial.io.setuperoutput (str, systemtext.edcoding.aspx); ScriptScope scope = engine.CreateScope (); ScriptSource src = engine.CreateScriptSourceFromString (testCode); Src.Execute (scope); Sorry for the silly question, it has come to know that there is a path used by IronPathon inside me.       The C # code was not correct. I ...






qt creator - QtCreator importing makefile projects -



    Have you ever tried importing Classic C ++ / project into Qt Creator?   Say that I wanted to use some libraries in my GUI project, which must be created. how can I do this?      In Qt Creator 2.0.1 you can import projects using only * * Cmake, * .creator, * .pro or * .qmlproject   Then switch to cmake and you can import the project into Qt builder (Welcome tab -> Open project ...).   Alex     






php - cURL Cookie and 307 redirect issue -



    I currently have a script that loads my client using curls on another server Currently, the settings    curl_setopt ($ CH, CURLOPT_RETURNTRANSFER, 1); Curl_setopt ($ CH, CURLOPT_FOLLOWLOCATION, TRUE); Curl_setopt ($ ch, CURLOPT_AUTOREFERER, true); Curl_setopt ($ ch, CURLOPT_USERAGENT, $ UserAgent); Curl_setopt ($ CH, CURLOPT_HEADER, 0); $ Usecookie = ROOT_PATH "/public_html/football_parser/cookie.txt"; If ($ usecookie) {if (! Is_writable ($ usecookie)) {return "$ usecookie can not write cookie file, change the file's permission to 777 or read only for windows."; } Curl_setopt ($ ch, CURLOPT_COOKIEJAR, $ usecookie); Curl_setopt ($ ch, CURLOPT_COOKIEFILE, $ usecookie); } $ Output = curl_xac ($ ch);    I'm trying to load two example URLs   statto.com/football/teams/newcastle-united/2005-2006/results   and   statto.com/football/teams/newcastle-united/2008-2009/results   Without a second load without any problems  curl_setopt ($ ch, CURLOPT_FOLLOWLOCATION, TR...








Powered by Blogger