Is there any way to do an AJAX call to a file above public_html?

Question

I'm making a script that lets my users open the page, vote for our site, and then get a password to some restricted content on the site. However, I plan on storing the password in a file outside public_html so it cannot be read directly from the source code.

Is there any way to do an AJAX call to a file above public_html? I don't want to AJAX to a file inside public_html that will read the file, it'll just defeat the purpose.

Answer 1

Not directly, no. And, frankly, thank goodness for that (since js is executed client-side, and the client should never have access to the web-server above public_html).

You can, however, use Ajax to call a php script inside the web root that has access to documents outside of the web-root. This way you're still keeping the password out of public reach, but still allowing your users to make use of it.

The down-side is that the password might make it to the client-side in the Ajax call (depending on what your Ajax call does). Basically, if JS can get access to the password then so can any interested user.

Answer 2

No, you cannot do that.

The web server does not allow you to do that.

Also, it is highly insecure to expose access to non public_html files on the server.