king Posted December 6, 2005

Hey,

I have a website where I let staff upload to the /staff/ directory via an upload script that I created. Now, I don't want them to be able to include files that are in the main website (in the root, or from any other directory for that matter), but still to be able to upload PHP scripts. Currently it poses a huge security risk as they can include /config.php etc. and, if they can guess the variable names, get the database info.

I found something on Google about <directory> - Includes</directory> (to put in .htaccess) which I thought would work, but it gave me a 500 Internal Server Error. Perhaps I need to 'tell it' that it's a virtual directory (like my user area on the shared server my hosting is on) - so as to limit the access rights.

Please help and tell me how I can limit including of files other than those in the same directory!

Thanks
king