apache access to private files, security question . . .

Report · Mar 03, 2007

could someone explain how to keep files hidden from the public but still available to be read by apache server. my website appears to have the www root under a public_html file, which makes sense, since that's where a lot of the display pages are, but if the root is public, how can you be certain that admin pages are secure, even if they are in a password protected file?

Report · Mar 04, 2007

On 03 Mar 2007 in macromedia.dreamweaver.appdev, hconnorjr wrote:

> could someone explain how to keep files hidden from the public but
> still available to be read by apache server. my website appears to
> have the www root under a public_html file, which makes sense, since
> that's where a lot of the display pages are, but if the root is
> public, how can you be certain that admin pages are secure, even if
> they are in a password protected file?

The Apache server can read files from anywhere in the filesystem it has
access to, including above the public_html/ directory. On many
systems, you'll find public_html's physical location to be something
like /home/username/public_html/. A lot of systems are set up such
that, say, a cgi directory on that same system would be
/home/username/cgi-bin/. The server uses those files, even though
they're outside the site root.

I think that your actual question might be how to password protect a
page or a directory? In that case, it depends on how secure you want
it and on how many username/password pairs you want. If it's only a
few, look into using htaccess/htpasswd; if it's more than that,
Dreamweaver's Help files (F1) have information about setting up
password-protected pages.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php

Report · Mar 04, 2007

thanks joe,
maybe i'm not sure of my question(s) . . . one important question though, is how to protect the connection to the db, but still get the scripts to run. i tried putting them in a password protected folder, but sometimes the php scripts don't work. they seem to want to look in the connections folder. my remote website folders are:
Create New Folder
Upload file(s)
.cpanel-datastore 700
.htpasswds 755
.spamassassin 700
.sqmaildata 700
.trash 700
Connections 755
_notes 755
etc 755
includes 755
mail 770
private_html 755
public_ftp 755
public_html 755
tmp 755
www 755
Create New File

and i put a test site up but the connections were in the public_html (which i don't want).
looking at that list, my connections can actually be saved in the connections folder -- not in the public_html. i believe i originally uploaded the entire site to public_html, but my concern is that unless my php scripts can find this:

<?php require_once('Connections/Public_access.php'); ?>

the scripts will not run properly . . .
suggestions please. oh, and thanks for the tip on protecting folders.

Report · Mar 04, 2007

On 04 Mar 2007 in macromedia.dreamweaver.appdev, hconnorjr wrote:

> and i put a test site up but the connections were in the
> public_html (which i don't want).

That's where they belong. Since the information in the files inside that
directory are in PHP files (likewise in .asp or .aspx for IIS servers),
nobody can access them. Trying to move them will break DW's prewritten
scripts and make your life very difficult.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php

apache access to private files, security question . . .

1 Correct answer