doubledee Posted May 14, 2011 Share Posted May 14, 2011 I need to store the Login ID and Key for my Payment Gateway, and figured it was best to do this outside my web root ("httpdocs") on my VPS. Unfortunately, my PHP Include is breaking, and it looks like this is a *major* thing to get working, since requires me to tinker with Plesk's default settings in Linux. (This link seems to discuss the same issues I'm having: http://stackoverflow.com/questions/2370053/how-to-include-file-outside-document-root ) Anyways... Since I'm no Linux guru and afraid of breaking my VPS, how bad would it be to store my Authorize.net API ID and Key in a PHP file in my web root and include that file in my "checkout.php" file?? If anyone knows a reasonably easy way to fix the issue described in the link above, I'm all for it, but I am thinking I may have to just settle on leaving things in my web root... :-\ Thanks, Debbie Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/ Share on other sites More sharing options...
anupamsaha Posted May 14, 2011 Share Posted May 14, 2011 You can have the file in web root, but, with extra care through .htaccess file. You can protect file(s) from reading through browser in .htaccess file. Here is an article to give you an idea: http://www.techiecorner.com/1245/how-to-block-access-to-certain-file-types-using-htaccess/ Try it and let us know if it works or not. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/#findComment-1215452 Share on other sites More sharing options...
doubledee Posted May 14, 2011 Author Share Posted May 14, 2011 You can have the file in web root, but, with extra care through .htaccess file. You can protect file(s) from reading through browser in .htaccess file. Here is an article to give you an idea: http://www.techiecorner.com/1245/how-to-block-access-to-certain-file-types-using-htaccess/ Try it and let us know if it works or not. Thanks! Is there a way to lock a file so it cannot be opened, just like I could put a password on "MyFinances.xls"?? Also, what would be the best file permissions to put on my config file and the folder it is in, in addition to your .htaccess idea? Debbie Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/#findComment-1215455 Share on other sites More sharing options...
anupamsaha Posted May 14, 2011 Share Posted May 14, 2011 Regarding the password, you can use .htpasswd for this. You will find lots of article towards .htpasswd. And, regarding the file permission, you can set 640 (i.e. Owner will have read+write, group will have read-only and rest of the world can do nothing). Hope this helps. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/#findComment-1215459 Share on other sites More sharing options...
doubledee Posted May 14, 2011 Author Share Posted May 14, 2011 Regarding the password, you can use .htpasswd for this. You will find lots of article towards .htpasswd. And, regarding the file permission, you can set 640 (i.e. Owner will have read+write, group will have read-only and rest of the world can do nothing). Hope this helps. Thanks! My structure is... httpdocs/secure/checkout.php httpdocs/private/auth_config.php Does *Group* need any access?? Could I just set the permission for private to... rwx --- --- Debbie Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/#findComment-1215463 Share on other sites More sharing options...
anupamsaha Posted May 14, 2011 Share Posted May 14, 2011 If you need browser to access the files, then put 644 as permission. If PHP is running as CGI, you can set 700. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/#findComment-1215465 Share on other sites More sharing options...
doubledee Posted May 14, 2011 Author Share Posted May 14, 2011 If you need browser to access the files, then put 644 as permission. If PHP is running as CGI, you can set 700. Thanks! The file... httpdocs/private/auth_config.php Is being included by... httpdocs/secure/checkout.php So for my code to run properly, what permissions would need to be set on... httpdocs/private ?? What about for... httpdocs/private/auth_config.php ?? Debbie Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/#findComment-1215468 Share on other sites More sharing options...
anupamsaha Posted May 14, 2011 Share Posted May 14, 2011 As a thumb rule, file permission should be 644 and folder permission should be 755. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/236383-saving-payment-gateway-credentials-in-web-root/#findComment-1215472 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.