Creating a php file in PHP
Question
I'm working on an installer for a project of mine and the installer will create a configuration file.
I have it working 99.99% fine, but in that file i want a check to ensure a hacking can't access it directly, and that code uses the $_SERVER super global, which in every run, gets parsed by php so it breaks the logic I'm trying to go for.
does anyone know I can get the superglobal to stay intact as it is without it parsing or should i rethink my logic and add it elsewhere?
for those who may want to see the code, here it is:
#Disable direct access.
if(!strcasecmp(basename($_SERVER['SCRIPT_NAME']),basename(__FILE__)) || !defined('accessed')){
die('<string>No Direct access is allowed for this file.</string>');
}
2 answers
solution1
2 ACCPTED 2011-07-18 16:50:40
Assuming you are using Apache (or any .htaccess compatible server), you just have to create a .htaccess file in the folder holding your configuration file, containing the following:
<Files config.php>
deny from all
</Files>
It will prevent any access to this file through an HTTP request.
See using .htaccess files for details.
solution2
1 2011-07-18 16:53:20
Don't use in-script or .htaccess protections - just write the file somewhere outside of the document root. If you don't want something to become available, don't make it available.
Putting it in the document root is like your bank hanging sacks of money in the front window with "do not steal" written on them.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.