Jordan L. Chilcott - Dreamweaver Talk List Admin Re: Making Connections SECURE? - Help!?
Oct 12, 2002; 12:14
Jordan L. Chilcott - Dreamweaver Talk List Admin
Re: Making Connections SECURE? - Help!?
Unless you are actually displaying the connections folder, no one is going to really know you have one, unless you go around telling people that it exists (sort of like what you did on the list :-) ).
Protecting it with an .htaccess is only good if you are referencing it with an http:// protocol. The include() function accesses the connections folder on the file level and it is behind the scenes. If a hacker gets in, they will be tapping into the server on a file level and will be able to read whatever files you have anyhow. Web capture programs work on an http:// (usually) and by that time, a PHP file has been processed.
In this case, leave the security up your admin.
jord
On Friday, October 11, 2002, at 11:10 AM, Jefferis Peterson wrote:
> I am really confused about the connections folder created by DWMX > [mysql/php]. I created a connection with a "read only" access to the > database, which I assume if someone cracks the folder, they won't learn > much, but I am concerned as to how to govern access to this folder if > I want > to create a member's ability to update a file. I realize I could > create a > password protected folder with .htacess, but the Connections folder > would > then contain write privileges. So, if I protect the folder from all > then the > free read only access to the data would be blocked as well... > > On my own database for my pages, in long hand, I created the connection > script in the user account : > <? require("/usr/home/myuseraccount/.connect/con.php"); > ?> > > This deed was done with a cut and paste, tutorial approach, so I didn't > understand all the finer points of security that I was doing, but it > allows > for members only to view the contents of the folders, using a login to > the > database of users. > > I guess what I'm saying is that I really don't understand how you can > set up > protections that govern all circumstances or how you can use .htaccess > in > this situation to make a difference. > > Any help GREATLY appreciated. > -- Jordan L. Chilcott, President Interactivity Unlimited Guelph, Ontario --------------------------------- Tel: (519) 837-1879 Cel: (519) 835-6628 eFax: (253) 276-8631
------------------------------------------------------------------------ List Administrator: <mailto:dreamweaver-admin@blueworld.com> To Unsubscribe: <mailto:dreamweaver-off@blueworld.com> Archives: <http://www.listsearch.com/dreamweavertalk.lasso>
Oct 12
Jefferis Peterson Re: Making Connections SECURE? - Help!?
Oct 12, 2002; 20:30
Jefferis Peterson
Re: Making Connections SECURE? - Help!?
Search
Lasso Programming
This site manages and broadcasts several email lists pertaining to Lasso Programming and technologies related and used by Lasso developers. Sign up today!