Jump to content

Recommended Posts

Hey,

 

I have a website where I let staff upload to the /staff/ directory via an upload script that I created.

 

Now, I don't want them to be able to include files that are in the main website (in the root, or from any other directory for that matter), but still to be able to upload PHP scripts.

 

Currently it poses a huge security risk as they can include /config.php etc, which if they can guess the variable names, get the database info.

 

I found something on Google about <directory> - Includes</directory> (to put in .htaccess) which i thought would work, but it gave me an 500 Internal Server Error.

 

Perhaps I need to 'tell it' that it's a virtual directory (like my user area on the shared server my hosting is on) - so as to limit the access rights.

 

Please help and tell me how I can limit including of files other than those in the same directory!

 

Thanks

 

king

Link to comment
https://forums.phpfreaks.com/topic/2994-limit-access-to-parent-directories/
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.