Re: Making Connections SECURE? - Help!?
- 1 Messages
- Collapse All
- Expand All
- Subscribe
Oct 12
Jordan L. Chilcott - Dreamweaver Talk List Admin Re: Making Connections SECURE? - Help!?
Oct 12, 2002; 12:14
Jordan L. Chilcott - Dreamweaver Talk List Admin
Re: Making Connections SECURE? - Help!?
Unless you are actually displaying the connections folder, no one is
going to really know you have one, unless you go around telling people
that it exists (sort of like what you did on the list :-) ).
Protecting it with an .htaccess is only good if you are referencing it
with an http:// protocol. The include() function accesses the
connections folder on the file level and it is behind the scenes. If a
hacker gets in, they will be tapping into the server on a file level
and will be able to read whatever files you have anyhow. Web capture
programs work on an http:// (usually) and by that time, a PHP file has
been processed.
In this case, leave the security up your admin.
jord
On Friday, October 11, 2002, at 11:10 AM, Jefferis Peterson wrote:
> I am really confused about the connections folder created by DWMX
> [mysql/php]. I created a connection with a "read only" access to the
> database, which I assume if someone cracks the folder, they won't learn
> much, but I am concerned as to how to govern access to this folder if
> I want
> to create a member's ability to update a file. I realize I could
> create a
> password protected folder with .htacess, but the Connections folder
> would
> then contain write privileges. So, if I protect the folder from all
> then the
> free read only access to the data would be blocked as well...
>
> On my own database for my pages, in long hand, I created the connection
> script in the user account :
> <? require("/usr/home/myuseraccount/.connect/con.php");
> ?>
>
> This deed was done with a cut and paste, tutorial approach, so I didn't
> understand all the finer points of security that I was doing, but it
> allows
> for members only to view the contents of the folders, using a login to
> the
> database of users.
>
> I guess what I'm saying is that I really don't understand how you can
> set up
> protections that govern all circumstances or how you can use .htaccess
> in
> this situation to make a difference.
>
> Any help GREATLY appreciated.
>
--
Jordan L. Chilcott, President
Interactivity Unlimited
Guelph, Ontario
---------------------------------
Tel: (519) 837-1879
Cel: (519) 835-6628
eFax: (253) 276-8631
Dreamweaver Talk Administrator - mailto:dreamweaver-admin@blueworld.com
mailto:jchilcott@interactivityunlimited.com
http://www.interactivityunlimited.com
iChat/AIM: j1chilcott
Think DreamWeaver!
------------------------------------------------------------------------
List Administrator: <mailto:dreamweaver-admin@blueworld.com>
To Unsubscribe: <mailto:dreamweaver-off@blueworld.com>
Archives: <http://www.listsearch.com/dreamweavertalk.lasso>
going to really know you have one, unless you go around telling people
that it exists (sort of like what you did on the list :-) ).
Protecting it with an .htaccess is only good if you are referencing it
with an http:// protocol. The include() function accesses the
connections folder on the file level and it is behind the scenes. If a
hacker gets in, they will be tapping into the server on a file level
and will be able to read whatever files you have anyhow. Web capture
programs work on an http:// (usually) and by that time, a PHP file has
been processed.
In this case, leave the security up your admin.
jord
On Friday, October 11, 2002, at 11:10 AM, Jefferis Peterson wrote:
> I am really confused about the connections folder created by DWMX
> [mysql/php]. I created a connection with a "read only" access to the
> database, which I assume if someone cracks the folder, they won't learn
> much, but I am concerned as to how to govern access to this folder if
> I want
> to create a member's ability to update a file. I realize I could
> create a
> password protected folder with .htacess, but the Connections folder
> would
> then contain write privileges. So, if I protect the folder from all
> then the
> free read only access to the data would be blocked as well...
>
> On my own database for my pages, in long hand, I created the connection
> script in the user account :
> <? require("/usr/home/myuseraccount/.connect/con.php");
> ?>
>
> This deed was done with a cut and paste, tutorial approach, so I didn't
> understand all the finer points of security that I was doing, but it
> allows
> for members only to view the contents of the folders, using a login to
> the
> database of users.
>
> I guess what I'm saying is that I really don't understand how you can
> set up
> protections that govern all circumstances or how you can use .htaccess
> in
> this situation to make a difference.
>
> Any help GREATLY appreciated.
>
--
Jordan L. Chilcott, President
Interactivity Unlimited
Guelph, Ontario
---------------------------------
Tel: (519) 837-1879
Cel: (519) 835-6628
eFax: (253) 276-8631
Dreamweaver Talk Administrator - mailto:dreamweaver-admin@blueworld.com
mailto:jchilcott@interactivityunlimited.com
http://www.interactivityunlimited.com
iChat/AIM: j1chilcott
Think DreamWeaver!
------------------------------------------------------------------------
List Administrator: <mailto:dreamweaver-admin@blueworld.com>
To Unsubscribe: <mailto:dreamweaver-off@blueworld.com>
Archives: <http://www.listsearch.com/dreamweavertalk.lasso>
Oct 12
Jefferis Peterson Re: Making Connections SECURE? - Help!?
Oct 12, 2002; 20:30
Jefferis Peterson
Re: Making Connections SECURE? - Help!?
Search
Lasso Programming
This site manages and broadcasts several email lists pertaining to Lasso Programming and technologies related and used by Lasso developers. Sign up today!