Skip to main content
H
hconnorjr
Inspiring
March 3, 2007
Answered

apache access to private files, security question . . .

  • March 3, 2007
  • 1 reply
  • 470 views
could someone explain how to keep files hidden from the public but still available to be read by apache server. my website appears to have the www root under a public_html file, which makes sense, since that's where a lot of the display pages are, but if the root is public, how can you be certain that admin pages are secure, even if they are in a password protected file?
This topic has been closed for replies.
Correct answer Newsgroup_User
On 04 Mar 2007 in macromedia.dreamweaver.appdev, hconnorjr wrote:

> and i put a test site up but the connections were in the
> public_html (which i don't want).

That's where they belong. Since the information in the files inside that
directory are in PHP files (likewise in .asp or .aspx for IIS servers),
nobody can access them. Trying to move them will break DW's prewritten
scripts and make your life very difficult.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php

1 reply

N
Newsgroup_User
Inspiring
March 4, 2007
On 03 Mar 2007 in macromedia.dreamweaver.appdev, hconnorjr wrote:

> could someone explain how to keep files hidden from the public but
> still available to be read by apache server. my website appears to
> have the www root under a public_html file, which makes sense, since
> that's where a lot of the display pages are, but if the root is
> public, how can you be certain that admin pages are secure, even if
> they are in a password protected file?

The Apache server can read files from anywhere in the filesystem it has
access to, including above the public_html/ directory. On many
systems, you'll find public_html's physical location to be something
like /home/username/public_html/. A lot of systems are set up such
that, say, a cgi directory on that same system would be
/home/username/cgi-bin/. The server uses those files, even though
they're outside the site root.

I think that your actual question might be how to password protect a
page or a directory? In that case, it depends on how secure you want
it and on how many username/password pairs you want. If it's only a
few, look into using htaccess/htpasswd; if it's more than that,
Dreamweaver's Help files (F1) have information about setting up
password-protected pages.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php
N
Newsgroup_UserCorrect answer
Inspiring
March 5, 2007
On 04 Mar 2007 in macromedia.dreamweaver.appdev, hconnorjr wrote:

> and i put a test site up but the connections were in the
> public_html (which i don't want).

That's where they belong. Since the information in the files inside that
directory are in PHP files (likewise in .asp or .aspx for IIS servers),
nobody can access them. Trying to move them will break DW's prewritten
scripts and make your life very difficult.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices