Thread: https://forums.phpfreaks.com/topic/154005-solved-security-and-temp-files/

defeated, posted April 14, 2009:

Hi, I'm working on sending xml documents to other websites. I am writing the xml to a file and then reading it and sending it. Every time I send new info the file is overwritten with new data. It works perfectly.

Then it occurred to me that this is not even slightly secure. All someone has to do to get the passwords that are sent in the xml is crawl my site and look at one of the xml files which contain the info.

So I have an idea. If I create a random_filename.xml each time I send and then delete it as soon as it is sent it should be ok? I really don't know how secure that would be. It seems fine to me but what do I know. Anybody got any suggestions?

I am going to be going into competition with some really big players and I can expect to come under serious attack given the history of the sector in this country so I need everything to be as secure as is reasonably possible. I'd appreciate any advice from any security experts. Thank you.

MasterACE14, posted April 14, 2009:

That sounds like a viable idea. If it is passwords you're sending you might want to consider md5 hashing them if that won't affect anything.

defeated (Author), posted April 14, 2009:

A speedy response! Thank you. I just did a quick google on MD5 hash and that looks like a good idea. Cheers!

PFMaBiSmAd, posted April 14, 2009:

If only your php script needs to have access to these files you are generating, you should place them into a folder that does not have any http (web) access.

defeated (Author), posted April 14, 2009:

> you should place them into a folder that does not have any http (web) access.

Pardon my ignorance.... but where? how? How do I prevent a folder having http access?

PFMaBiSmAd, posted April 14, 2009:

Place the folder outside of your document root folder (closer to the root of the hard disk) or if that option is not available and you must place the folder inside of your document root folder, then you need to place a .htaccess file in it that prevents all http/https requests.

defeated (Author), posted April 14, 2009:

Sweet! Have to go the .htaccess route. I'll google for what to put in. Cheers, that's great help! I love this forum.
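
The approach discussed in this thread (a uniquely named file, kept in a folder with no web access, deleted as soon as it is sent), sketched in PHP as an added example that is not code from any poster. It assumes PHP 7 or later; `PRIVATE_DIR`, `withPrivateTempFile()` and the demo callback are hypothetical names, and the sample XML is constructed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+.
// PRIVATE_DIR is a hypothetical path; it must sit OUTSIDE the document root.
// If the directory has to live inside the document root instead, put a
// .htaccess file in it that refuses every request:
//   Apache 2.4:  Require all denied
//   Apache 2.2:  Order allow,deny
//                Deny from all
const PRIVATE_DIR = '/home/example/private_tmp';

/**
 * Write $xml to a uniquely named file readable only by this account,
 * hand the path to $send, and delete the file even if $send throws.
 */
function withPrivateTempFile(string $xml, callable $send, string $dir = PRIVATE_DIR)
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    // tempnam() creates the file itself, with a unique name and mode 0600.
    $path = tempnam($dir, 'xml_');
    // It can silently fall back to the system temp directory, so verify.
    if ($path === false || dirname(realpath($path)) !== realpath($dir)) {
        if ($path !== false) {
            unlink($path);
        }
        throw new RuntimeException("could not create temp file in $dir");
    }
    try {
        if (file_put_contents($path, $xml, LOCK_EX) === false) {
            throw new RuntimeException("write to $path failed");
        }
        return $send($path);
    } finally {
        unlink($path); // runs on success and on exception
    }
}

// Constructed sample document; the callback stands in for the real send step.
$xml = '<request><user>demo</user><password>not-a-real-secret</password></request>';
$demoDir = sys_get_temp_dir() . '/private_tmp_demo';
$bytes = withPrivateTempFile($xml, function (string $path) {
    return strlen(file_get_contents($path));
}, $demoDir);
echo "sent $bytes bytes, files left in $demoDir: ", count(glob("$demoDir/*")), "\n";
```

The `.htaccess` variant only takes effect where the server's `AllowOverride` setting permits it, so request a file from that folder in a browser and confirm it is refused.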