How do I stop my apache2 server from serving missile_launch_codes.ini?
Question
I know one solution is to put the .ini file outside the webroot, but I want to have a config file as part of the source tree of my webapp.
Since I want to put database passwords in it, I need to make sure its not accessible from typing www.drstrangelove.com/missile_codes.ini
I want to beleive there is an apache config setting for this but I don't know what it is or what to type in google to find out.
3 answers
solution1
3 ACCPTED 2011-01-13 13:06:12
You can use .htaccess for that:
<Files "*.ini">
order deny,allow
deny from all
</Files>
Or (if you want just the single .ini file): replace the * with the filename.
solution2
2 2011-01-13 13:16:45
尽管Tobiask的答案可以满足您的需求,但我认为更好的解决方案是将.ini文件保留在htdocs(或www)目录之外,这样一来,它就不能由apache交付。
solution3
1 2011-01-13 13:30:23
If you can't use the .htaccess file you can always cheat: rename your ini file in something like config.ini.php;
Put this at the very first line:
#<?php exit; ?>
user=username
pass=secret
In this way, if you try to call the ini file via webserver, the PHP code will be executed, otherwise the function parse_ini_file will skip the first line since it is commented ("#")
Hope this help
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.