[SOLVED] document root

[asmith]

i've read to put sql and other important information outside of the document root a few  times.

for achiving this i only need to put ../  ?  like :    http://www.domain.com/../password.php

?

can't a user just type  http://www.domain.com/../password.php in a download program and get it ?

or i got whole wrong ?

(sorry , i know it is not a full php question)

[Schlo_50]

I've often wondered this too. I used sessions to check whether a user was logged in as an admin when they tried to guess a URL and then redirected to login.php if they wern't logged in.

 

There surely will be a better option though. SSL sites must have some kind of method to stop this.

[rajivgonsalves]

the user will not be able to access directories outside the document root, the document root as it states is the root directory of the web server, the directories can only be accessed from within the scripts

[asmith]

so for example  :  if i save all mysql and passwords into  emmm security.php . 

then i include them in a script ? 

like:

 

 

<?php
include("http://www.domain.com/../security.php");

 

is that right ? or i have to cinfigure some setting too ?

[rajivgonsalves]

you have to include them using the following (system path).

 

<?php
include("../security.php");

 

when you try to include something prefixing with http:// it will only include the output of the script not the actual code

[asmith]

ok .

so no configure needed,

another thing,

is this needed to do such coding :

 

<?php
$a = true;
include("../security.php");

security.php

<?php
if (!isset($a))
{exit;}


// the codes 

unset($a);

 

 

i mean this way for preventing someone to access security.php individually .

but as talking about the path outside the root ,

is that nessery now ?

 

[rajivgonsalves]

No actually, but you can add it on for extra measure.

[asmith]

gotcha  !

thanks again and again !