permissions

[thefollower]

Hey.

 

Was wondering how i stop users accessing my root directory on local host.. i don't want them being able to find my connect script... or is it automatically secured on local host ? I use xampp/apache package

[PFMaBiSmAd]

As long as your file ends in a .php extension so that it will be parsed if someone browses to it, no one can see the code or data in the file (unless they have direct access to the file through FTP or direct access to your computer.)

 

Give it a try, browse to your file and see what you get.

[thefollower]

But say all my files are in a folder:

 

grwgwqd  < folder name

 

So they then went:

 

Www.sitename.com/grwgwgd

 

then they can see all my site's files?

[wildteen88]

Well you could place a .htaccess file in that folder to deny access, or just simply place an blank index.html file in that folder so when a user goes directly to Www.sitename.com/grwgwgd all they'll get is a blank page, or if you go the .htaccess route a 403 Forbidden error.

[drummer101]

Try what PFMaBiSmAd suggested.

 

PHP is rendered server side, and anything between the <? and ?> brackets is NOT shown to the end user.

 

Your first question and second are two completed different things. PFMaBiSmAd answered your first question correctly.

 

Answer to your second question, create an .htaccess file.

 

1.) Open notepad

2.) copy and paste "Options -Indexes"

3.) save as .htaccess (make sure it's not saved with a .txt extension)

4.) move that file to your root (htdocs) folder

5.) open www.sitename.com/grwgwgd, you should get a 403 Access Forbidden error.

[thefollower]

so the .htaccess has:

 

<?php
Options - Indexes
?>

 

And thats it ?

[wildteen88]

No need for the php tags just the configuration code. Also the .htaccess has no filename eg: the following is incorrect: filename.htaccess

 

it's just .htaccess

 

When creating this file with Notepad, make sure the File Type pull down menu is set to All Files and not Text Document

[drummer101]

Exactly what wildteen88 said.

 

Kepp in mind though, if you put this .htaccess file in your root directory EVERY directory underneath it will be disallowed from giving a directory listing.

 

ex.

root

|

images

\

members

 

If you wanted to say, disallow directory display of all directories, except members, you'd make a .htaccess file with "Options +Indexes" and place it in the members. root & images would then be disallowed from showing the index, but members, and any subfolders contained within it, would show.

 

In short, .htaccess files cascade down the directory structure.

[thefollower]

What are the reasons for allowing people to access the directory structure in the first place to me it just allows people to be one step closer to your files.. ?

[helraizer]

If you have an index page, whether it is .php, .pl, .cfm or  whatever. the user will only be able to view that page. If they go to www.sitename.com/grwgwgd

it will automatically take them to www.sitename.com/grwgwgd/index.[extension], so they can't see the files in that folder.

 

Sam

 

[thefollower]

Ok i saved the file .htaccess..

 

How can i test this to see if it stops me ? I put the file in htdocs on my localhost so its not in a subfolder its in the main root of the whole site....what do i put in the url to see if it stops me?

[juapo2]

Now, go to www.sitename.com/grwgwgd/ and you should get the 404 Error.

 

If you dont get anything, check you .htaccess file, it should have just

Options -Indexes

As you can see, if only has one space, then save the file with .htaccess and upload it, then go to www.sitename.com/grwgwgd/ it should work now