RaythMistwalker Posted January 5, 2010 Share Posted January 5, 2010 I dunno if this is a php code thing, but since i use a config.php file for all my database connection details, is it possible to prevent someone from downloading this file if they find out the location of it? like if they find a link to it and right click > save as Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/ Share on other sites More sharing options...
monkeypaw201 Posted January 5, 2010 Share Posted January 5, 2010 No, not unless its downloaded through a PHP file. EDIT: mis-understood question, disregard.. Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989241 Share on other sites More sharing options...
premiso Posted January 5, 2010 Share Posted January 5, 2010 It would not matter if they did, if it was properly coded in PHP and as long as your server still parses PHP. However, it is good practice to place config files outside of the webroot, to prevent such items from happening. Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989242 Share on other sites More sharing options...
RaythMistwalker Posted January 5, 2010 Author Share Posted January 5, 2010 so its safer having it like http://domain.com/index.php include config from like some/far/away/dir/config.php ? Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989246 Share on other sites More sharing options...
PFMaBiSmAd Posted January 5, 2010 Share Posted January 5, 2010 Have you tried downloading it or browsing to it to see what you actually get as output when you do this? Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989251 Share on other sites More sharing options...
RaythMistwalker Posted January 5, 2010 Author Share Posted January 5, 2010 ok tried its cool it just returns a blank document. Solved Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989253 Share on other sites More sharing options...
premiso Posted January 6, 2010 Share Posted January 6, 2010 What I was talking about: /home/www/site/folder/index.php Is the index.php file of your site. You would store config.php in: /home/www/site/config.php That way they cannot just browse to http://www.yoursite.com/config.php as it would not exist. But you can still include the file by going up one directory with ../ and then it is safe incase somehow your server decides to stop parsing php etc. Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989354 Share on other sites More sharing options...
RaythMistwalker Posted January 6, 2010 Author Share Posted January 6, 2010 so like since my site is in domain/htdocs/index.php (access domain/index.php) i can put it so that it is stored domain/config.php? Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989358 Share on other sites More sharing options...
premiso Posted January 6, 2010 Share Posted January 6, 2010 Yea, that is the idea. So it is not accessible from the web, but it is accessible to the script. Quote Link to comment https://forums.phpfreaks.com/topic/187335-preventing-file-dl/#findComment-989362 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.