I would like to keep all config options for a webapp in one file. (pathes, passwords, options which are read by php, sass (during compilation), maybe grunt,..)
I like the JSON format since its very clear and almost anything can parse json. But by default .json files can be downloaded.
Can I safely prevent that by giving the file a .json.php
extension?
What are the drawbacks? Better Approaches?
To prevent the file being downloaded, generally the way to go is to store it in a directory that is not served by the web server. I don't know what setup you're in, but assuming an Apache setup, if for example your .php
files are served from a directory /home/user/htdocs
, you could create a directory /home/user/config
, ensure that it is readable by the webserver, and store the .json
files there.
Another approach, again assuming Apache, would be to create an .htaccess
file containing the following (inspired by this answer ):
RedirectMatch 404 \.json$
This would not only prevent downloading any and all .json
files in the directory, but hide their very existence.
It might just be possible to do it the way you suggested, by storing the file with a .json.php
extension, although this would not be a recommended approach. For this to work, the file has to be valid PHP but it must obviously be valid JSON as well and we are hampered somewhat by the fact that JSON does not allow comments. Something like the following would stop the PHP interpreter soon after the start of the file, before spilling your secrets:
{
"<?php exit('Access denied'); ?>": null,
"password": "secret"
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.