Jump to content

Archived

This topic is now archived and is closed to further replies.

king

Limit access to parent directories

Recommended Posts

Hey,

 

I have a website where I let staff upload to the /staff/ directory via an upload script that I created.

 

Now, I don't want them to be able to include files that are in the main website (in the root, or from any other directory for that matter), but still to be able to upload PHP scripts.

 

Currently it poses a huge security risk as they can include /config.php etc, which if they can guess the variable names, get the database info.

 

I found something on Google about <directory> - Includes</directory> (to put in .htaccess) which i thought would work, but it gave me an 500 Internal Server Error.

 

Perhaps I need to 'tell it' that it's a virtual directory (like my user area on the shared server my hosting is on) - so as to limit the access rights.

 

Please help and tell me how I can limit including of files other than those in the same directory!

 

Thanks

 

king

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.