Skip to main content
ElizabethGailLittle
Inspiring
April 23, 2021
解決済み

Security

  • April 23, 2021
  • 返信数 3.
  • 266 ビュー

I have written php pages which allow an editor to upload files to the host and to view the files in a selected folder and to copy, move, or delete individual files.  This obviously gives a great deal of power to the user.  Right now I'M using them for convenience.  I did this so that when I am no longer maintaining a non-profit site that the board can designate someone else to maintain the site until they come up with an alternative.

 

In the meantime this is a big risk.  I have to have the php files in the public_html directory because all the file functions need to start from the root.  Is there any suggestion as to how I can make sure that no one other than someone given the authority can accesss these functions?  I can certainly require a secure login, but is it possible to mark files as hidden?  

 

Your advice is always appreciated.

このトピックへの返信は締め切られました。
解決に役立った回答 Nancy OShea

Not sure what you're asking.

Security begins at the server/hosting level.  Assuming the server is well managed with regular security patches and nobody but the admin has access to your backend CMS & scripts, what are your concerns?

 

 

 

返信数 3

B i r n o u
Legend
April 24, 2021

have you looked at htaccess... you can protect either  by password, by IP, by filetype, folder case, and so on... you can also serve files differently depending on profil and so on... and it is at a lower level than PHP

 

BenPleysier
Community Expert
Community Expert
April 23, 2021

The cause of the problem "Right now I'M using them for convenience."

Remove the caise, gone problem.

Wappler is the DMXzone-made Dreamweaver replacement and includes the best of their powerful extensions, as well as much more!
Nancy OShea
Community Expert
Nancy OSheaCommunity Expert解決!
Community Expert
April 23, 2021

Not sure what you're asking.

Security begins at the server/hosting level.  Assuming the server is well managed with regular security patches and nobody but the admin has access to your backend CMS & scripts, what are your concerns?

 

 

 

Nancy O'Shea— Product User & Community Expert